Pests of all kinds and how to fight them: I caught something "DownloadSponsor.Gen" Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
09.03.2015, 18:52 | #1 |
| I caught something "DownloadSponsor.Gen" Hello, my Windows 8 has become very slow lately. Yesterday Avira Antivir noticed that there was malware, but could not remove it; instead Avira froze. A few hours later I was able to restart the computer, then I let Avira run overnight, and in the morning the pests "DownloadSponsor.gen" were found and sent to quarantine. The computer is now fast again. An hour ago I ran Avira again and the antivirus crashed after a while because it hit a memory location "that is not valid". Now I suspect that something is not right after all. A few years ago I already had a computer "repaired" here, and I thought that maybe someone could help again. Regards, \Tom |
09.03.2015, 18:53 | #2 |
/// the machine /// TB trainer | I caught something "DownloadSponsor.Gen" hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
09.03.2015, 20:11 | #3 |
| I caught something "DownloadSponsor.Gen" Hello,
here it comes... ---snip FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03 Ran by win_8 (administrator) on WIN8 on 09-03-2015 19:40:19 Running from C:\Users\win_8\Desktop Loaded Profiles: win_8 (Available profiles: win_8) Platform: Windows 8 (X64) OS Language: Svenska (Sverige) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (VMLite, Inc.) 
C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> DefaultScope {C959D6CA-DD06-4623-BC24-B1A330093942} URL = SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation) Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) 
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-21] () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-21] () FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB) FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: 
@videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.) FF Extension: DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06] FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-02-20] FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-03] FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-24] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. 
KG) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit) R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed] R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) 
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH) S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated) S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-09 19:40 - 2015-03-09 19:41 - 00014809 _____ () C:\Users\win_8\Desktop\FRST.txt 2015-03-09 19:40 - 2015-03-09 19:40 - 00000000 ____D () C:\FRST 2015-03-09 19:38 - 2015-03-09 19:38 - 02095104 _____ (Farbar) C:\Users\win_8\Desktop\FRST64.exe 2015-03-08 15:14 - 2015-03-08 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-27 21:29 - 2015-02-27 21:29 - 00000000 ____D () C:\Users\win_8\Documents\Mina webbplatser 2015-02-14 09:54 - 2015-02-14 09:56 - 00000000 ____D () C:\Users\win_8\.mediathek3 2015-02-14 09:49 - 2015-02-14 09:51 - 31470563 _____ () C:\Users\win_8\Downloads\MediathekView_8.zip 2015-02-13 19:44 - 2015-02-13 19:44 - 00000000 ____D () C:\Users\win_8\AppData\Local\pirateplay 2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirateplayer 2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Program Files (x86)\Pirateplayer 2015-02-13 19:42 - 2015-02-13 19:43 - 28896608 _____ () C:\Users\win_8\Downloads\ppinstaller_-_v0_5_0.exe 2015-02-10 22:32 - 2015-02-10 22:36 - 17520650 _____ () C:\Users\win_8\Downloads\JayB_VSynth.zip 2015-02-10 22:31 - 2015-02-10 22:32 - 00254541 _____ () C:\Users\win_8\Downloads\JayB_QY100.zip 2015-02-10 22:30 - 2015-02-10 22:30 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES(1).zip 2015-02-10 22:30 - 2015-02-10 22:30 - 00100324 _____ () C:\Users\win_8\Downloads\JayB_PLG150AN.zip 2015-02-10 22:29 - 2015-02-10 22:29 - 00232611 _____ () C:\Users\win_8\Downloads\JayB_S80.zip 2015-02-10 22:29 - 2015-02-10 22:29 - 00024114 _____ () C:\Users\win_8\Downloads\JayB_AN1x.zip 2015-02-10 22:21 - 2015-02-10 22:21 - 00000000 ____D () C:\Users\win_8\Downloads\JayB_Effects 2015-02-10 22:20 - 2015-02-10 22:20 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES.zip 2015-02-10 21:40 - 2015-02-10 21:54 - 65956150 _____ () C:\Users\win_8\Downloads\JayB_Effects.zip 2015-02-08 15:06 - 2013-10-01 09:41 - 00000000 ____D () C:\UBIOS 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-09 19:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru 2015-03-09 18:42 - 2015-02-05 18:03 - 01073229 _____ () C:\windows\WindowsUpdate.log 2015-03-09 17:12 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp 2015-03-08 23:45 - 2014-03-03 18:07 - 00168111 _____ () C:\MyXML.xml 2015-03-08 23:44 - 2013-07-15 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-08 23:44 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-03-08 22:04 - 2013-06-24 19:53 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Skype 2015-03-08 20:18 - 2014-03-09 19:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-08 20:18 - 2013-06-24 19:53 - 00000000 ____D () C:\ProgramData\Skype 2015-03-08 19:15 - 2013-07-01 08:32 - 00000000 ___RD () C:\download 2015-03-02 18:32 - 2012-08-02 01:02 - 00712522 _____ () C:\windows\system32\perfh01D.dat 2015-03-02 18:32 - 2012-08-02 01:02 - 00148908 _____ () C:\windows\system32\perfc01D.dat 2015-03-02 18:32 - 2012-08-02 00:55 - 00440762 _____ () C:\windows\system32\perfh014.dat 2015-03-02 18:32 - 2012-08-02 00:55 - 00076914 _____ () C:\windows\system32\perfc014.dat 2015-03-02 18:32 - 2012-08-02 00:48 - 00426314 _____ () C:\windows\system32\perfh00B.dat 2015-03-02 18:32 - 2012-08-02 00:48 - 00081450 _____ () C:\windows\system32\perfc00B.dat 2015-03-02 18:32 - 2012-08-02 00:41 - 00455676 _____ () C:\windows\system32\perfh006.dat 2015-03-02 18:32 - 2012-08-02 00:41 - 00079422 _____ () C:\windows\system32\perfc006.dat 2015-03-02 18:32 - 2012-07-26 08:28 - 03259898 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-27 20:12 - 2013-09-10 17:06 - 00000000 ____D () C:\audio 2015-02-21 14:12 - 2013-06-24 18:32 - 00000000 ____D () C:\Users\win_8\AppData\Local\Adobe 2015-02-15 00:50 - 2014-08-25 17:22 - 00000000 ____D () 
C:\Users\win_8\Desktop\video 2015-02-14 13:38 - 2014-08-25 16:56 - 00000000 ____D () C:\video 2015-02-14 12:44 - 2013-06-26 18:28 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\vlc 2015-02-14 11:29 - 2013-09-07 22:54 - 00000000 ____D () C:\fuji_3d 2015-02-14 09:54 - 2013-06-24 17:23 - 00000000 ____D () C:\Users\win_8 2015-02-11 23:18 - 2013-08-11 15:16 - 00000000 ____D () C:\1000d 2015-02-08 15:07 - 2014-04-23 20:28 - 00000023 _____ () C:\model.bat ==================== Files in the root of some directories ======= 2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat Some content of TEMP: ==================== C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll C:\Users\win_8\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-08 15:54 ==================== End Of Log ============================ ---snip and here is the Addition ---snip Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03 Ran by win_8 at 2015-03-09 19:41:26 Running from C:\Users\win_8\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.2.5.1 - Finansiell ID-Teknik BID AB) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) DVBT Driver (x32 Version: 1.1.3.1 - ) Hidden Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden ffdshow v1.3.4515 [2013-06-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4515.0 - ) Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.) Fre(a)koscope (HKLM-x32\...\Fre(a)koscope_is1) (Version: 0.8 beta - Mdsp @ Smartelectronix) Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office 2000 Premium (HKLM-x32\...\{0000041D-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 
- Microsoft Corporation) Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MPC-HC 1.7.5 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team) NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org) Passbild-Generator v3.6b (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden PHASE X64 USB (HKLM\...\USB_AUDIO_DEusb-audio.dePhaseX64USB) (Version: - ) Pirateplayer (HKLM-x32\...\Pirateplayer) (Version: - ) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit) Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH) Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH) Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - 
Synaptics Incorporated) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH) Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan) USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version: - ) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - 
Alfredo Accattatis) VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 22-02-2015 16:16:45 Schemalagd kontrollpunkt 25-02-2015 21:08:35 Windows Update 28-02-2015 22:16:07 Windows Update 08-03-2015 16:24:01 Schemalagd kontrollpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00D33521-7874-4CD6-8BB2-863C2C00EA3B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2015-01-22] (IObit) Task: {09928DDE-9D84-4891-93C7-0676062C66CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {13F34040-20F2-4AA3-B808-7F7EED36A5F4} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH) Task: {6EAB019B-FFF9-4F3B-9061-53FC2DC5D1C4} - System32\Tasks\{128FE2DB-52E4-4D16-BA42-5F04D72A0C62} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar Task: {74118A71-CC1D-4C3B-888A-52D20702266F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {7E2AB53E-B992-4373-8C7E-4662A968BEE1} - System32\Tasks\{E064D739-1F93-4F82-983F-2AF2EA6353CE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsBing Task: {EB5ED57C-B450-4E90-B0C5-A5FDC3306643} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated) Task: {EF1EAFEE-95F9-4987-ABA9-2460BF88F59B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {F59F3CDE-905A-4317-8C70-BAC604AAF49C} - System32\Tasks\{7BE2C727-B857-4282-A9DE-8763EC92488D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar ==================== Loaded Modules (whitelisted) ============== 2011-10-13 13:38 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe 2010-08-11 13:18 - 2010-08-11 13:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll 2010-08-11 13:18 - 2010-08-11 13:18 - 02725480 _____ () 
C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll 2009-03-26 21:03 - 2009-03-26 21:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll 2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-10-31 15:15 - 2012-10-31 15:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe 2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2013-06-26 17:52 - 2013-12-09 16:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl 2013-06-26 17:52 - 2013-12-09 16:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl 2013-06-26 17:52 - 2013-12-09 16:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl 2014-03-03 18:07 - 2013-12-09 16:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll 2013-10-18 17:29 - 2013-12-09 16:10 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll 2013-10-18 17:29 - 2013-12-09 16:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll 2013-05-03 22:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk" HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center" HKLM\...\StartupApproved\Run32: => "TCrdMain" HKLM\...\StartupApproved\Run32: => "TODDMain" HKLM\...\StartupApproved\Run32: => "TosWaitSrv" ==================== Accounts: ============================= Administratör (S-1-5-21-1609830323-765120689-1541722825-500 - Administrator - Disabled) Gäst (S-1-5-21-1609830323-765120689-1541722825-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1609830323-765120689-1541722825-1003 - Limited - Enabled) win_8 (S-1-5-21-1609830323-765120689-1541722825-1001 - Administrator - Enabled) => C:\Users\win_8 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2015 05:48:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (03/08/2015 10:14:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programmet firefox.exe, version 36.0.1.5542, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar. 
Process-ID: d7c Starttid: 01d059acc958762b Avslutningstid: 4294967295 Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Rapport-ID: 15fb7580-c5d8-11e4-803b-7c05077950e8 Fullständigt namn på felaktigt paket: Program-ID relativt till felaktigt paket: Error: (03/08/2015 10:14:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.1.5542, tidsstämpel 0x54f851c0 , felet uppstod i modulen med namn: mozalloc.dll, version 36.0.1.5542, tidsstämpel 0x54f8437e Undantagskod: 0x80000003 Felförskjutning: 0x00001e02 Process-ID: 0x122c Programmets starttid: 0xplugin-container.exe0 Sökväg till program: plugin-container.exe1 Sökväg till modul: plugin-container.exe2 Rapport-ID: plugin-container.exe3 Fullständigt namn på felaktigt paket: plugin-container.exe4 Program-ID relativt till felaktigt paket: plugin-container.exe5 Error: (03/03/2015 06:04:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programmet firefox.exe, version 36.0.0.5531, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar. 
Process-ID: f28 Starttid: 01d0550e22159c0a Avslutningstid: 4294967295 Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Rapport-ID: 6bd7ca1f-c1c7-11e4-8039-7c05077950e8 Fullständigt namn på felaktigt paket: Program-ID relativt till felaktigt paket: Error: (03/03/2015 06:04:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.0.5531, tidsstämpel 0x54eb029a , felet uppstod i modulen med namn: mozalloc.dll, version 36.0.0.5531, tidsstämpel 0x54eaf3b7 Undantagskod: 0x80000003 Felförskjutning: 0x00001e02 Process-ID: 0x380 Programmets starttid: 0xplugin-container.exe0 Sökväg till program: plugin-container.exe1 Sökväg till modul: plugin-container.exe2 Rapport-ID: plugin-container.exe3 Fullständigt namn på felaktigt paket: plugin-container.exe4 Program-ID relativt till felaktigt paket: plugin-container.exe5 Error: (03/02/2015 06:29:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a , felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421 Undantagskod: 0xc0000005 Felförskjutning: 0x000000001001f368 Process-ID: 0xcf0 Programmets starttid: 0xTCrdMain_Win8.exe0 Sökväg till program: TCrdMain_Win8.exe1 Sökväg till modul: TCrdMain_Win8.exe2 Rapport-ID: TCrdMain_Win8.exe3 Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4 Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5 Error: (03/01/2015 07:46:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programmet firefox.exe, version 36.0.0.5531, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar. 
Process-ID: 1c44 Starttid: 01d05430892f0135 Avslutningstid: 4294967295 Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Rapport-ID: 55b755a3-c043-11e4-8037-7c05077950e8 Fullständigt namn på felaktigt paket: Program-ID relativt till felaktigt paket: Error: (03/01/2015 07:46:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.0.5531, tidsstämpel 0x54eb029a , felet uppstod i modulen med namn: mozalloc.dll, version 36.0.0.5531, tidsstämpel 0x54eaf3b7 Undantagskod: 0x80000003 Felförskjutning: 0x00001e02 Process-ID: 0x2848 Programmets starttid: 0xplugin-container.exe0 Sökväg till program: plugin-container.exe1 Sökväg till modul: plugin-container.exe2 Rapport-ID: plugin-container.exe3 Fullständigt namn på felaktigt paket: plugin-container.exe4 Program-ID relativt till felaktigt paket: plugin-container.exe5 Error: (03/01/2015 04:00:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.0.5531, tidsstämpel 0x54eb029a , felet uppstod i modulen med namn: mozalloc.dll, version 36.0.0.5531, tidsstämpel 0x54eaf3b7 Undantagskod: 0x80000003 Felförskjutning: 0x00001e02 Process-ID: 0x180c Programmets starttid: 0xplugin-container.exe0 Sökväg till program: plugin-container.exe1 Sökväg till modul: plugin-container.exe2 Rapport-ID: plugin-container.exe3 Fullständigt namn på felaktigt paket: plugin-container.exe4 Program-ID relativt till felaktigt paket: plugin-container.exe5 Error: (03/01/2015 03:44:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a , felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421 Undantagskod: 0xc0000005 Felförskjutning: 0x000000001001f368 Process-ID: 0x2a74 Programmets starttid: 0xTCrdMain_Win8.exe0 Sökväg 
till program: TCrdMain_Win8.exe1 Sökväg till modul: TCrdMain_Win8.exe2 Rapport-ID: TCrdMain_Win8.exe3 Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4 Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5 System errors: ============= Error: (03/08/2015 11:41:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Tjänsten Windows Update stängdes inte på rätt sätt efter att ha mottagit en systemstängningsvarning. Error: (03/08/2015 03:30:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 14:43:31 den 08.03.2015 skedde oväntat. Error: (03/08/2015 02:43:31 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 18:14:50 den 03.03.2015 skedde oväntat. Error: (03/02/2015 06:12:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 17:53:51 den 02.03.2015 skedde oväntat. Error: (02/22/2015 03:15:43 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 21:21:44 den 21.02.2015 skedde oväntat. Error: (02/19/2015 00:52:34 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 12:20:01 den 19.02.2015 skedde oväntat. Error: (02/10/2015 06:28:20 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 20:46:38 den 08.02.2015 skedde oväntat. Error: (02/07/2015 11:53:42 AM) (Source: DCOM) (EventID: 10010) (User: win8) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (02/03/2015 07:37:21 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 22:12:50 den 02.02.2015 skedde oväntat. Error: (02/02/2015 07:21:19 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 19:04:13 den 01.02.2015 skedde oväntat. 
Microsoft Office Sessions: ========================= Error: (03/09/2015 05:48:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (03/08/2015 10:14:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe36.0.1.5542d7c01d059acc958762b4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe15fb7580-c5d8-11e4-803b-7c05077950e8 Error: (03/08/2015 10:14:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02122c01d059acdee8f26bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll16fa4c51-c5d8-11e4-803b-7c05077950e8 Error: (03/03/2015 06:04:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe36.0.0.5531f2801d0550e22159c0a4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe6bd7ca1f-c1c7-11e4-8039-7c05077950e8 Error: (03/03/2015 06:04:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e0238001d0550e27b09621C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6c5c7a0e-c1c7-11e4-8039-7c05077950e8 Error: (03/02/2015 06:29:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TCrdMain_Win8.exe2.0.7.645091827aSynCOM.dll_unloaded0.0.0.050b86421c0000005000000001001f368cf001d0550c55bb4964C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dllafad17f9-c101-11e4-8039-7c05077950e8 Error: (03/01/2015 07:46:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe36.0.0.55311c4401d05430892f01354294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe55b755a3-c043-11e4-8037-7c05077950e8 Error: (03/01/2015 07:46:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02284801d054468a7ceebcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll56aba36c-c043-11e4-8037-7c05077950e8 Error: (03/01/2015 04:00:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02180c01d0542faa06b65fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb4455f20-c023-11e4-8037-7c05077950e8 Error: (03/01/2015 03:44:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TCrdMain_Win8.exe2.0.7.645091827aSynCOM.dll_unloaded0.0.0.050b86421c0000005000000001001f3682a7401d0542c19571e0dC:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll7cc58333-c021-11e4-8037-7c05077950e8 ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz Percentage of memory in use: 48% Total physical RAM: 3979.21 MB Available physical RAM: 2038.67 MB Total Pagefile: 8587.21 MB Available Pagefile: 3107.13 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (TI31061100A) (Fixed) (Total:286.29 GB) (Free:97.81 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
10.03.2015, 13:32 | #4 |
/// the machine /// TB trainer | I've caught something: "DownloadSponsor.Gen" Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.03.2015, 18:48 | #5 |
| I've caught something: "DownloadSponsor.Gen" Hello, I ran the first program; here is the log file. The second program is only available in English, and its commands are: Scan, Cleaning, Logfile, Uninstall (from left to right). I did run the scan, but then I was unsure about "delete": should I choose Cleaning or Uninstall? "Delete" was not among the options. Before I start the third program, I would like to wait for your answer first. ---snip Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.03.2015 Suchlauf-Zeit: 17:41:40 Logdatei: suchlauf_protokoll.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.11.20.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: win_8 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 334846 Verstrichene Zeit: 39 Min, 29 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
11.03.2015, 10:32 | #6 |
/// the machine /// TB trainer | I've caught something: "DownloadSponsor.Gen" Why is AdwCleaner running in English on your machine? Odd. Please press Clean.
__________________ |
11.03.2015, 22:58 | #7 |
| I've caught something: "DownloadSponsor.Gen" Hello, here comes the rest. What damage can "DownloadSponsor.Gen" actually do? mbam: --snip Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.03.2015 Suchlauf-Zeit: 17:41:40 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.11.20.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: win_8 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 334846 Verstrichene Zeit: 39 Min, 29 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) adw: Code:
ATTFilter # AdwCleaner v4.112 - Logfile created 11/03/2015 at 22:18:45 # Updated 09/03/2015 by Xplode # Database : 2015-03-05.1 [Server] # Operating system : Windows 8 (x64) # Username : win_8 - WIN8 # Running from : C:\Users\win_8\Desktop\AdwCleaner_4.112.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\OCS ***** [ Web browsers ] ***** -\\ Internet Explorer v10.0.9200.17116 -\\ Mozilla Firefox v36.0.1 (x86 de) ************************* AdwCleaner[R0].txt - [791 bytes] - [10/03/2015 18:41:27] AdwCleaner[R1].txt - [849 bytes] - [11/03/2015 22:05:18] AdwCleaner[S0].txt - [742 bytes] - [11/03/2015 22:18:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [800 bytes] ########## jrt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 8 x64 Ran by win_8 on 11.03.2015 at 22:38:20,46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\win_8\AppData\Roaming\mozilla\firefox\profiles\w750w0hr.default\minidumps [38 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.03.2015 at 22:40:44,34 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ frst: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by win_8 (administrator) on WIN8 on 11-03-2015 22:42:12 Running from C:\Users\win_8\Desktop Loaded Profiles: win_8 (Available profiles: win_8) Platform: Windows 8 (X64) OS Language: Svenska (Sverige) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or 
removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-21] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-02-20]
FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed]
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH)
S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 22:42 - 2015-03-11 22:42 - 00000000 ____D () C:\Users\win_8\Desktop\FRST-OlderVersion 2015-03-11 22:40 - 2015-03-11 22:40 - 00000744 _____ () C:\Users\win_8\Desktop\JRT.txt 2015-03-11 22:33 - 2015-02-03 20:29 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-03-11 22:33 - 2015-02-03 20:29 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-11 22:24 - 2015-03-11 22:24 - 00000000 ____D () C:\windows\system32\appraiser 2015-03-11 22:21 - 2015-03-11 22:21 - 00000372 _____ () C:\windows\PFRO.log 2015-03-10 19:13 - 2014-10-09 05:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll 2015-03-10 19:13 - 2014-10-09 05:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe 2015-03-10 19:13 - 2014-10-09 05:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll 2015-03-10 19:13 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll 2015-03-10 19:13 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll 2015-03-10 18:41 - 2015-03-11 22:18 - 00000000 ____D () C:\AdwCleaner 2015-03-10 18:38 - 2015-03-10 18:38 - 00001202 _____ () C:\Users\win_8\Desktop\suchlauf_protokoll.txt 2015-03-10 17:40 - 2015-03-10 17:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-10 17:39 - 2015-03-10 17:39 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-10 17:39 - 2015-03-10 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-10 17:39 - 2015-03-10 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-10 17:39 - 2015-03-10 17:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-10 17:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 
2015-03-10 17:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-03-10 17:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-03-10 17:36 - 2015-03-10 17:36 - 02171392 _____ () C:\Users\win_8\Desktop\AdwCleaner_4.112.exe 2015-03-10 17:36 - 2015-03-10 17:36 - 01388333 _____ (Thisisu) C:\Users\win_8\Desktop\JRT.exe 2015-03-10 17:35 - 2015-03-10 17:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\win_8\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-09 19:59 - 2015-03-09 20:01 - 00000000 ____D () C:\Users\win_8\Desktop\stick 2015-03-09 19:41 - 2015-03-09 19:42 - 00028808 _____ () C:\Users\win_8\Desktop\Addition.txt 2015-03-09 19:40 - 2015-03-11 22:42 - 00014729 _____ () C:\Users\win_8\Desktop\FRST.txt 2015-03-09 19:40 - 2015-03-11 22:42 - 00000000 ____D () C:\FRST 2015-03-09 19:38 - 2015-03-11 22:42 - 02095616 _____ (Farbar) C:\Users\win_8\Desktop\FRST64.exe 2015-03-09 18:02 - 2015-01-12 07:48 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-03-09 18:02 - 2015-01-12 07:47 - 15403008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-03-09 18:02 - 2015-01-12 06:06 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-03-09 18:02 - 2014-11-21 09:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-03-09 18:02 - 2014-11-21 09:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-03-09 18:01 - 2015-01-12 07:49 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-03-09 18:01 - 2015-01-12 07:49 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-03-09 18:01 - 2015-01-12 07:49 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2015-03-09 18:01 - 2015-01-12 07:49 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-03-09 18:01 - 2015-01-12 
07:48 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-03-09 18:01 - 2015-01-12 07:47 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-03-09 18:01 - 2015-01-12 07:47 - 02655744 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-03-09 18:01 - 2015-01-12 07:47 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-03-09 18:01 - 2015-01-12 07:47 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-03-09 18:01 - 2015-01-12 07:46 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-03-09 18:01 - 2015-01-12 06:07 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-03-09 18:01 - 2015-01-12 06:07 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-03-09 18:01 - 2015-01-12 06:07 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-03-09 18:01 - 2015-01-12 06:06 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-03-09 18:01 - 2015-01-12 06:06 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-03-09 18:01 - 2015-01-12 06:06 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-03-09 18:01 - 2015-01-12 06:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-03-09 18:01 - 2015-01-12 06:06 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-03-09 18:01 - 2015-01-12 06:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-03-09 18:01 - 2015-01-12 05:16 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-03-09 18:01 - 2015-01-12 04:46 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-03-09 18:01 - 2014-11-21 09:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-03-09 18:01 - 2014-11-21 09:37 - 00053760 _____ (Microsoft 
Corporation) C:\windows\system32\UXInit.dll 2015-03-09 18:01 - 2014-11-21 09:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-03-09 18:01 - 2014-11-21 09:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-03-09 18:01 - 2014-11-21 09:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-03-09 18:01 - 2014-11-21 09:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2015-03-09 18:01 - 2014-11-21 09:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-03-09 18:01 - 2014-11-21 09:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-03-09 18:01 - 2014-11-21 08:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-03-09 18:01 - 2014-11-21 08:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-03-09 18:01 - 2014-11-21 08:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2015-03-09 18:01 - 2014-11-21 08:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-03-09 18:01 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-03-09 18:01 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-03-09 18:01 - 2014-11-21 08:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2015-03-09 18:01 - 2014-11-21 08:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-03-09 18:01 - 2014-11-21 08:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-03-09 18:01 - 2014-11-21 08:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-03-09 18:01 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-03-09 18:01 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\mshtml.tlb 2015-03-09 18:01 - 2014-11-21 05:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2015-03-09 18:00 - 2015-01-09 05:33 - 04061696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-03-09 17:59 - 2015-01-15 12:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll 2015-03-09 17:59 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-03-09 17:58 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll 2015-03-09 17:58 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll 2015-03-09 17:58 - 2015-01-15 11:00 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll 2015-03-09 17:58 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-03-09 17:58 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-03-09 17:58 - 2015-01-15 05:08 - 00568656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-03-09 17:57 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-03-09 17:57 - 2014-10-11 08:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2015-03-09 17:57 - 2014-10-11 06:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2015-03-09 17:57 - 2014-10-09 04:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll 2015-03-09 17:57 - 2014-10-09 04:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll 2015-03-09 17:57 - 2014-10-09 04:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll 2015-03-09 17:57 - 2014-09-22 06:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll 2015-03-09 17:57 - 2014-09-22 04:56 - 00513536 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\mfmpeg2srcsnk.dll 2015-03-09 17:54 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-03-09 17:54 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2015-03-09 17:54 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll 2015-03-09 17:54 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll 2015-03-09 17:54 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll 2015-03-09 17:54 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll 2015-03-09 17:54 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll 2015-03-09 17:54 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll 2015-03-09 17:54 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll 2015-03-09 17:54 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll 2015-03-09 17:54 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll 2015-03-09 17:54 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll 2015-03-09 17:54 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll 2015-03-09 17:54 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll 2015-03-09 17:54 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys 2015-03-09 17:53 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys 2015-03-09 17:53 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys 2015-03-09 17:52 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) 
C:\windows\system32\KBDRUM.DLL 2015-03-09 17:52 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL 2015-03-09 17:52 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL 2015-03-09 17:52 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL 2015-03-09 17:52 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL 2015-03-09 17:52 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL 2015-03-09 17:52 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL 2015-03-09 17:52 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL 2015-03-09 17:52 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL 2015-03-09 17:52 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL 2015-03-09 17:52 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL 2015-03-09 17:52 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL 2015-03-09 17:52 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) 
C:\windows\system32\Defrag.exe 2015-03-09 17:52 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll 2015-03-09 17:52 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll 2015-03-09 17:52 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll 2015-03-09 17:52 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll 2015-03-09 17:52 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll 2015-03-09 17:52 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2015-03-09 17:52 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-03-09 17:52 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2015-03-09 17:52 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll 2015-03-09 17:52 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll 2015-03-09 17:52 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll 2015-03-09 17:52 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll 2015-03-09 17:52 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2015-03-09 17:52 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2015-03-09 17:52 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2015-03-09 17:52 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2015-03-09 17:52 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2015-03-09 17:52 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) 
C:\windows\system32\winload.exe 2015-03-09 17:47 - 2015-02-04 10:54 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-03-09 17:47 - 2015-02-04 10:52 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-03-09 17:47 - 2015-02-04 10:52 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-03-09 17:47 - 2015-02-04 10:52 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-03-09 17:47 - 2015-02-04 10:52 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-03-09 17:47 - 2015-02-03 00:18 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-03-09 17:47 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-03-09 17:47 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-03-09 17:47 - 2014-12-03 02:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-03-09 17:46 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll 2015-03-09 17:46 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2015-03-09 17:46 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll 2015-03-09 17:46 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2015-03-09 17:46 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll 2015-03-09 17:46 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2015-03-09 17:46 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll 2015-03-09 17:46 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2015-03-09 17:43 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll 2015-03-09 17:43 - 
2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-03-09 17:43 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll 2015-03-09 17:43 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-03-09 17:40 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2015-03-09 17:40 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe 2015-03-09 17:40 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll 2015-03-09 17:40 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-03-09 17:40 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-03-09 17:40 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2015-03-09 17:40 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe 2015-03-09 17:40 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll 2015-03-09 17:40 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll 2015-03-09 17:40 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll 2015-03-09 17:39 - 2014-11-26 07:43 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-03-09 17:39 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2015-03-09 17:39 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2015-03-09 17:38 - 2014-12-18 09:51 - 00096576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys 2015-03-09 17:38 - 2014-12-18 07:52 - 00889344 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll 2015-03-09 17:38 - 
2014-12-18 07:51 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL 2015-03-09 17:38 - 2014-12-18 07:50 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL 2015-03-09 17:38 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll 2015-03-09 17:37 - 2014-12-09 00:14 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml 2015-03-09 17:37 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-03-09 17:37 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll 2015-03-09 17:37 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-03-09 17:37 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll 2015-03-09 17:36 - 2015-01-12 07:49 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-03-09 17:36 - 2015-01-12 06:07 - 01338880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-03-09 17:36 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-03-09 17:34 - 2014-11-08 12:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll 2015-03-09 17:34 - 2014-11-08 07:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll 2015-03-09 17:33 - 2014-11-08 12:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-03-09 17:33 - 2014-11-08 07:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-03-09 17:33 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2015-03-09 17:33 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll 2015-03-09 17:33 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-03-09 17:33 - 2014-10-11 06:41 - 
00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-03-09 17:33 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-03-09 17:32 - 2015-01-15 22:45 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-03-09 17:31 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2015-03-09 17:31 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2015-03-09 00:29 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll 2015-03-09 00:29 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll 2015-03-09 00:29 - 2015-01-09 00:52 - 00478296 _____ () C:\windows\SysWOW64\locale.nls 2015-03-09 00:29 - 2015-01-09 00:52 - 00478296 _____ () C:\windows\system32\locale.nls 2015-03-09 00:12 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-03-09 00:12 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2015-03-08 15:14 - 2015-03-08 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-27 21:29 - 2015-02-27 21:29 - 00000000 ____D () C:\Users\win_8\Documents\Mina webbplatser 2015-02-14 09:54 - 2015-02-14 09:56 - 00000000 ____D () C:\Users\win_8\.mediathek3 2015-02-14 09:49 - 2015-02-14 09:51 - 31470563 _____ () C:\Users\win_8\Downloads\MediathekView_8.zip 2015-02-13 19:44 - 2015-02-13 19:44 - 00000000 ____D () C:\Users\win_8\AppData\Local\pirateplay 2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirateplayer 2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Program Files (x86)\Pirateplayer 2015-02-13 19:42 - 2015-02-13 19:43 - 28896608 _____ () C:\Users\win_8\Downloads\ppinstaller_-_v0_5_0.exe 2015-02-10 22:32 - 2015-02-10 22:36 - 
17520650 _____ () C:\Users\win_8\Downloads\JayB_VSynth.zip
2015-02-10 22:31 - 2015-02-10 22:32 - 00254541 _____ () C:\Users\win_8\Downloads\JayB_QY100.zip
2015-02-10 22:30 - 2015-02-10 22:30 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES(1).zip
2015-02-10 22:30 - 2015-02-10 22:30 - 00100324 _____ () C:\Users\win_8\Downloads\JayB_PLG150AN.zip
2015-02-10 22:29 - 2015-02-10 22:29 - 00232611 _____ () C:\Users\win_8\Downloads\JayB_S80.zip
2015-02-10 22:29 - 2015-02-10 22:29 - 00024114 _____ () C:\Users\win_8\Downloads\JayB_AN1x.zip
2015-02-10 22:21 - 2015-02-10 22:21 - 00000000 ____D () C:\Users\win_8\Downloads\JayB_Effects
2015-02-10 22:20 - 2015-02-10 22:20 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES.zip
2015-02-10 21:40 - 2015-02-10 21:54 - 65956150 _____ () C:\Users\win_8\Downloads\JayB_Effects.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 22:42 - 2014-03-03 18:07 - 00168111 _____ () C:\MyXML.xml
2015-03-11 22:31 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ___RD () C:\windows\ToastData
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\en-GB
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 22:24 - 2014-07-28 14:57 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-11 22:24 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AppCompat
2015-03-11 22:20 - 2015-02-05 18:03 - 01633410 _____ () C:\windows\WindowsUpdate.log
2015-03-11 22:20 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-11 22:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2015-03-11 20:25 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2015-03-11 20:17 - 2012-08-02 01:02 - 00712522 _____ () C:\windows\system32\perfh01D.dat
2015-03-11 20:17 - 2012-08-02 01:02 - 00148908 _____ () C:\windows\system32\perfc01D.dat
2015-03-11 20:17 - 2012-08-02 00:55 - 00440762 _____ () C:\windows\system32\perfh014.dat
2015-03-11 20:17 - 2012-08-02 00:55 - 00076914 _____ () C:\windows\system32\perfc014.dat
2015-03-11 20:17 - 2012-08-02 00:48 - 00426314 _____ () C:\windows\system32\perfh00B.dat
2015-03-11 20:17 - 2012-08-02 00:48 - 00081450 _____ () C:\windows\system32\perfc00B.dat
2015-03-11 20:17 - 2012-08-02 00:41 - 00455676 _____ () C:\windows\system32\perfh006.dat
2015-03-11 20:17 - 2012-08-02 00:41 - 00079422 _____ () C:\windows\system32\perfc006.dat
2015-03-11 20:17 - 2012-07-26 08:28 - 03259898 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-10 22:51 - 2013-07-01 08:32 - 00000000 ___RD () C:\download
2015-03-10 21:00 - 2013-06-24 19:53 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Skype
2015-03-10 19:46 - 2013-06-26 17:17 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-03-10 19:46 - 2013-06-26 17:15 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-03-10 19:46 - 2013-06-26 17:15 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-03-08 23:44 - 2013-07-15 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-08 20:18 - 2014-03-09 19:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-08 20:18 - 2013-06-24 19:53 - 00000000 ____D () C:\ProgramData\Skype
2015-02-27 20:12 - 2013-09-10 17:06 - 00000000 ____D () C:\audio
2015-02-21 14:12 - 2013-06-24 18:32 - 00000000 ____D () C:\Users\win_8\AppData\Local\Adobe
2015-02-15 00:50 - 2014-08-25 17:22 - 00000000 ____D () C:\Users\win_8\Desktop\video
2015-02-14 13:38 - 2014-08-25 16:56 - 00000000 ____D () C:\video
2015-02-14 12:44 - 2013-06-26 18:28 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\vlc
2015-02-14 11:29 - 2013-09-07 22:54 - 00000000 ____D () C:\fuji_3d
2015-02-14 09:54 - 2013-06-24 17:23 - 00000000 ____D () C:\Users\win_8
2015-02-11 23:18 - 2013-08-11 15:16 - 00000000 ____D () C:\1000d

==================== Files in the root of some directories =======

2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\win_8\AppData\Local\Temp\avgnt.exe
C:\Users\win_8\AppData\Local\Temp\Quarantine.exe
C:\Users\win_8\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-08 15:54

==================== End Of Log ============================ |
12.03.2015, 12:16 | #8 |
/// the machine /// TB trainer | I caught something: "DownloadSponsor.Gen"
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate, Guides and Help, Trojaner-Board Facebook page. No help via PM! |