|
Plagegeister aller Art und deren Bekämpfung: Frage zur f.txt von doubleclick.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.03.2015, 16:58 | #1 |
| Frage zur f.txt von doubleclick. Hallo zusammen. Ich habe leider nicht so viele Computerkentnisse und hoffe mir kann jemand helfen. Gestern als ich Twitch aufgerufen habe, ist ein Downloadfenster aufgegangen, dass ich f.txt von doublecklick runtergeladen habe. Ich habe das Fenster darauf hin per klick auf X geschloßen ohne die Datei zu öffnen. Das Fenter ist nur einmal aufgetaucht und bis jetzt nicht mehr wieder, egal wie oft ich auf Twitch gehe. Es hat mich schon ziemlich gewundert was das eigendlich war und ich habe dann erstmal gegoogelt was das ist, und in den meisten Beiträgen heißt es, dass es eine Malware/Botnetz ist. Ich habe darauf hin mit mein Antivirenprogramm Kaspersky meinen ganzen Computer durchsuchen lassen, aber ohne das irgendwas gefunden wurde. Ich habe bis jetzt noch keine Veränderung oder Auswirkung gesehen. Und die f.txt datei auch nirgends wo auf meinen PC gefunden, nicht mal im Downloadverlauf. Trotzdem bin ich noch etwas verunsichert und habe mich mal so informiert was man noch tun kann. Darauf hin habe ich alles befolgt was auf dieser Seite erklärt wurde: hxxp://www.gutefrage.net/frage/twitch-downloaded-ftxt-datei-jedesmal-beim-oeffnen-der-twitchtv-seite (^ Ich hoffe das war Trojana-Board derr den Link in hxxp geändert hat und nicht die Malware) Außer den ersten Teil mit den CCleaner. Ich benütze Firefox und habe gestern nur die Internet Cache und Verlauf sowie die Cookies, Download Verlauf und Session mit den CCleaner gelöscht. Den letzten Schritt habe ich ausgelasen da ich kein Chrome benutze. Also, Malwarebytes Anti Malware hat einpaar Sachen gefunden die ich dann entfernt habe. Mit den ADWcleaner habe ich das gleiche gemacht. Meint ihr ich habe die Bedrohung entfernen können? Danke schonmal im vorraus für eine Antwort. Hier sind die Logs: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.03.2015 Suchlauf-Zeit: 16:25:29 Logdatei: MalwareErgbn..txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.29.05 Rootkit Datenbank: v2015.03.26.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: User Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 358373 Verstrichene Zeit: 5 Min, 16 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 5 PUP.Optional.Snapdo.T, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [5beecb805b2feb4bfb012840fe05f60a], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, , [5beecb805b2feb4bfb012840fe05f60a], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [84c5f05b4c3e59dda656ea1e3bc903fd], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\INSTALLCORE, , [5bee450657338da99a3bbc62f31259a7], PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\SMARTBAR, , [66e3004bb8d25cda51a902d938cbb64a], Registrierungswerte: 5 PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [f752bb90bcce74c2793515c4966dd52b] PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [25242c1f107a66d0edc15584f60d48b8] PUP.Optional.InstallCore.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\INSTALLCORE|tb, 0H1N1M, , [5bee450657338da99a3bbc62f31259a7] PUP.Optional.Snapdo.T, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [df6a8dbee8a2df578b0dd210bc47df21] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\SMARTBAR|publisher, IrsSF, , [66e3004bb8d25cda51a902d938cbb64a] Registrierungsdaten: 7 PUP.Optional.SafeFinder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhtKI-IdQh4_gCXCpDV8ZvdAg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhtKI-IdQh4_gCXCpDV8ZvdAg,,&q={searchTerms}),,[f455e665870342f4dd9d99558a7bd828] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}),,[ab9e1b30305a77bf1f57dd11a85d16ea] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheH4UABqxJtZqIH53Pw9raJCcJ5jn2ynZOiNEVOFpaKE3nVVqo18tE8FQLnygJSEgkVNRQUniPgdUwoRX1U3UNw,,, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheH4UABqxJtZqIH53Pw9raJCcJ5jn2ynZOiNEVOFpaKE3nVVqo18tE8FQLnygJSEgkVNRQUniPgdUwoRX1U3UNw,,),,[92b7b89399f1ea4cd3a325c99174c040] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}),,[9aafbf8c12780630e393f8f6d82d9070] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}),,[34159dae42486accb4c51ed0e025b54b] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}),,[2e1b37141b6f3afc96e323cbb64f18e8] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5H3UCbAkeVRs2_q-uIwxOKoiZk-hDRIzZCqqMYCHd-87GhNiiLSfiZKkQ4e4z1JheHIZWFVibxkiQzl3tiabhhh8e3eqK7q73-ba8TNWGqaEH9xsXH_ysFz96c26gOhq1mamuAu_sIwTtM90vt9qBQ,,&q={searchTerms}),,[1a2f93b854369b9b423912dc41c4d22e] Ordner: 8 PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\index-dir, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\databases, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\GPUCache, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Local Storage, , [77d2a5a679116bcba495e852e4218c74], Dateien: 35 PUP.Optional.Bitberry, C:\Users\User\Downloads\FinalTorrentSetup.exe, , [c782b89396f462d414a9fbc9a8590ff1], PUP.Optional.Downloader, C:\Users\User\Downloads\JPEG to PDF - CHIP-Installer.exe, , [76d3381395f549ed2f7aa8c35ca4dd23], PUP.Optional.SmartBar, C:\Windows\Installer\MSI3326.tmp-\Smartbar.Installer.CustomActions.dll, , [6ddc3714f595a98d1f8874ba8d73f808], PUP.Optional.SmartBar, C:\Windows\Installer\MSI8E4C.tmp-\Smartbar.Installer.CustomActions.dll, , [361357f47812e74fa4034be3f60a7888], PUP.Optional.SmartBar, C:\Windows\Installer\MSICEF6.tmp-\Smartbar.Installer.CustomActions.dll, , [2e1b22290288c5719a0d2b03e61a33cd], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\QuotaManager-journal, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\cookies, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\cookies-journal, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\QuotaManager, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\website.ico, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\315a39b606bc4359_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\327e2f346370c855_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\33a5ff91dfd57aaa_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\37777592bb84fb04_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\47cff2ba15008159_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\4e0e286af25cf000_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\5c559e4e52c0a1d6_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\8a2abd4eed83e9d6_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\a682a844981d4e40_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\dc7fc0c707dd9b40_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\de0b2e8eac490ee0_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\index, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\Cache\index-dir\the-real-index, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\databases\Databases.db, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\databases\Databases.db-journal, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\GPUCache\data_0, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\GPUCache\data_1, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\GPUCache\data_2, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\GPUCache\data_3, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\GPUCache\index, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\000003.log, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\CURRENT, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\LOCK, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\LOG, , [77d2a5a679116bcba495e852e4218c74], PUP.Optional.Gameo.A, C:\Users\User\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000002, , [77d2a5a679116bcba495e852e4218c74], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 29/03/2015 um 16:50:52 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-28.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : User - KR121220 # Gestarted von : C:\Users\User\Downloads\AdwCleaner_4.113.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\foxydeal.sqlite Datei Gefunden : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\user.js Ordner Gefunden : C:\Program Files (x86)\ClearThink Ordner Gefunden : C:\Users\User\AppData\Roaming\pdfforge ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Schlüssel Gefunden : HKCU\Software\Bitberry Software Schlüssel Gefunden : HKCU\Software\gameo Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\Bitberry Software Schlüssel Gefunden : [x64] HKCU\Software\gameo Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v36.0.4 (x86 de) [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.DockingPositionDown", false); [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false); [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.Visibility", false); [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.keepAliveLastevent", "1408379866"); [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408333075786"); [m04yktkm.default] - Zeile Gefunden : user_pref("extensions.ui.lastCategory", "addons://search/safefinder"); ************************* AdwCleaner[R0].txt - [2547 Bytes] - [29/03/2015 16:50:52] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2606 Bytes] ########## Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 29/03/2015 um 16:52:36 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-28.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : User - KR121220 # Gestarted von : C:\Users\User\Downloads\AdwCleaner_4.113.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\ClearThink Ordner Gelöscht : C:\Users\User\AppData\Roaming\pdfforge Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\foxydeal.sqlite Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\user.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Bitberry Software Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\gameo Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v36.0.4 (x86 de) [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", false); [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1408379866"); [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408333075786"); [m04yktkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/safefinder"); ************************* AdwCleaner[R0].txt - [2709 Bytes] - [29/03/2015 16:50:52] AdwCleaner[S0].txt - [2528 Bytes] - [29/03/2015 16:52:36] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2587 Bytes] ########## Geändert von Ixamus (29.03.2015 um 17:08 Uhr) |
29.03.2015, 17:35 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Frage zur f.txt von doubleclick.Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
29.03.2015, 17:52 | #3 |
| Frage zur f.txt von doubleclick. Hallo Jürgen, hier sind die Logs:
__________________Frst.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by User (administrator) on KR121220 on 29-03-2015 18:44:26 Running from C:\Users\User\Downloads Loaded Profiles: User (Available profiles: User) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-03-15] (Intel Corporation) HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-11-04] (Windows (R) Win 7 DDK provider) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.) HKU\S-1-5-21-2956239176-924636802-565636817-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-2956239176-924636802-565636817-1000\...\MountPoints2: {ad53fe5b-43b6-11e2-856c-806e6f6e6963} - D:\Run.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2956239176-924636802-565636817-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-06] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-06] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-03] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-03] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com')%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-12] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-03] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2956239176-924636802-565636817-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\Extensions\firefox@ghostery.com.xpi [2015-03-28] FF Extension: Flagfox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-12-06] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-03-15] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [70912 2011-11-04] (Fresco Logic) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24496 2012-03-15] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 18:44 - 2015-03-29 18:44 - 00021190 _____ () C:\Users\User\Downloads\FRST.txt 2015-03-29 18:44 - 2015-03-29 18:44 - 00000000 ____D () C:\FRST 2015-03-29 18:43 - 2015-03-29 18:43 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2015-03-29 17:41 - 2015-03-29 17:41 - 00001427 _____ () C:\Users\User\Desktop\Neues Textdokument.txt 2015-03-29 16:52 - 2015-03-29 16:52 - 00002679 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt 2015-03-29 16:50 - 2015-03-29 17:40 - 00000000 ____D () C:\AdwCleaner 2015-03-29 16:50 - 2015-03-29 16:51 - 00002709 _____ () C:\Users\User\Desktop\AdwCleaner[R0].txt 2015-03-29 16:49 - 2015-03-29 16:49 - 02168320 _____ () C:\Users\User\Downloads\AdwCleaner_4.113.exe 2015-03-29 16:35 - 2015-03-29 16:54 - 00011654 _____ () C:\Windows\PFRO.log 2015-03-29 16:31 - 2015-03-29 16:32 - 00000000 ____D () C:\Users\User\Desktop\MalwareErgebnis 2015-03-29 16:25 - 2015-03-29 18:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-29 16:24 - 2015-03-29 16:24 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-29 16:24 - 2015-03-29 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-29 16:24 - 2015-03-29 16:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-29 16:24 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-29 16:24 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-29 16:24 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-29 16:23 - 2015-03-29 16:24 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-29 10:45 - 2015-03-29 16:54 - 00000504 _____ () C:\Windows\setupact.log 2015-03-29 10:45 - 2015-03-29 10:45 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-28 18:14 - 2015-03-28 18:14 - 00013936 _____ () C:\Users\User\Documents\cc_20150328_171355.reg 2015-03-27 20:05 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-03-27 19:52 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-03-27 19:52 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-03-26 11:42 - 2015-03-26 11:42 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard 2015-03-25 21:22 - 2015-03-25 21:22 - 00000763 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2015-03-25 21:22 - 2015-03-25 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2015-03-22 11:54 - 2015-03-22 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-19 20:31 - 2015-03-19 20:31 - 00001107 _____ () C:\Users\User\Desktop\Recursion Tracker.lnk 2015-03-19 20:31 - 2015-03-19 20:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursion 2015-03-19 20:31 - 2015-03-19 20:31 - 00000000 ____D () C:\Program Files (x86)\Recursion 2015-03-18 09:41 - 2015-03-18 09:41 - 00002515 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk 2015-03-18 09:41 - 2015-03-18 09:41 - 00002485 _____ () C:\Users\User\Desktop\PlanetSide 2.lnk 2015-03-18 09:41 - 2015-03-18 09:41 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment 2015-03-18 09:40 - 2015-03-18 09:40 - 23978024 _____ () C:\Users\User\Downloads\PS2_setup.exe 2015-03-17 20:11 - 2015-03-17 20:11 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList 2015-03-15 18:49 - 2015-03-15 18:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\java 2015-03-14 07:49 - 2015-03-14 07:49 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\Documents\Colossal Order 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Colossal Order 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\.mono 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\AppData\Local\Colossal Order 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\ProgramData\.mono 2015-03-11 15:39 - 2015-03-11 15:39 - 00000000 ____D () C:\Users\User\AppData\Local\Steam 2015-03-11 15:19 - 2015-03-11 15:19 - 00000202 _____ () C:\Users\User\Desktop\Cities Skylines.url 2015-03-11 09:13 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 09:13 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 09:13 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 09:13 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 09:13 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 09:13 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 09:13 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 09:13 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 09:13 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 09:13 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 09:13 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 09:13 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 09:13 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 09:13 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 09:13 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 09:13 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 09:13 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 09:13 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 09:13 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 09:13 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 09:13 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 09:13 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 09:13 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 09:13 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 09:13 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 09:13 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 09:13 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 09:13 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 09:13 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 09:13 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 09:13 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 09:13 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 09:12 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 09:12 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 09:12 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 09:12 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 09:12 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 09:12 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 09:12 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 09:12 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 09:12 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 09:12 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 09:12 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 09:12 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 09:12 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 09:12 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 09:12 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 09:12 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 09:12 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:12 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 09:12 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 09:12 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 09:12 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 09:12 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:12 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 09:12 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:12 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 09:12 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 09:12 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:12 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 09:12 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:12 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 09:12 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:12 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 09:12 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 09:12 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 09:12 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 09:12 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 09:12 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:12 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 09:12 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 09:12 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:12 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 09:12 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 09:12 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 09:12 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 09:12 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 09:12 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 09:12 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:12 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 09:12 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 09:12 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 09:12 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 09:12 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 09:12 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 09:12 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:12 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 09:12 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 09:12 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:12 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:12 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 09:12 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 09:12 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 09:12 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:12 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 09:12 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 09:12 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 09:12 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:12 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 09:12 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 09:12 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 09:12 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 09:12 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 09:12 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:12 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 09:12 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 09:12 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 09:12 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 09:12 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 09:12 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 09:12 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 09:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 09:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-07 17:05 - 2015-03-07 17:05 - 00000000 ____D () C:\ProgramData\RzSurroundVAD_1.1.60.0 2015-03-03 22:22 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 22:22 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 22:22 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 22:22 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-03 11:35 - 2015-03-03 11:36 - 00000000 ____D () C:\Ordner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 18:21 - 2012-12-12 22:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-29 17:58 - 2015-02-14 11:03 - 01815801 _____ () C:\Windows\WindowsUpdate.log 2015-03-29 17:10 - 2013-09-01 10:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-29 17:01 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-29 17:01 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-29 17:00 - 2011-04-12 09:43 - 13203778 _____ () C:\Windows\system32\perfh007.dat 2015-03-29 17:00 - 2011-04-12 09:43 - 04079600 _____ () C:\Windows\system32\perfc007.dat 2015-03-29 17:00 - 2009-07-14 07:13 - 00006462 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-29 16:54 - 2012-12-11 12:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-29 16:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-28 20:48 - 2014-03-31 17:50 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net 2015-03-28 18:11 - 2013-02-14 22:34 - 00000000 ____D () C:\Windows\Minidump 2015-03-27 20:07 - 2012-12-11 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-27 20:05 - 2012-12-11 12:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-27 19:54 - 2012-12-11 12:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-23 08:12 - 2014-01-13 11:39 - 00346840 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-23 08:12 - 2012-12-12 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-22 12:06 - 2014-01-12 19:47 - 00090216 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-18 09:41 - 2014-04-27 11:04 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-03-18 08:58 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-17 18:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-15 18:59 - 2012-12-12 22:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft 2015-03-15 11:29 - 2014-09-29 21:23 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2015-03-15 11:28 - 2012-12-12 22:05 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-15 11:28 - 2012-12-12 22:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-15 11:28 - 2012-12-12 22:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-13 12:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 09:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 09:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-12 00:17 - 2014-04-09 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-12 00:13 - 2013-08-15 01:18 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 00:10 - 2012-12-15 13:03 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-04 09:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2015-03-03 11:36 - 2014-11-10 21:38 - 00000000 ____D () C:\Users\Public\Documents\BewerbungsUnterlagen 2015-03-02 14:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-01-03 20:20 - 2015-01-03 20:20 - 0007602 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\User\AppData\Local\setup.txt 2012-12-12 21:26 - 2012-12-12 21:26 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db 2014-12-31 19:29 - 2014-12-31 19:29 - 0000040 _____ () C:\ProgramData\ra3.ini Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\nvStInst.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 18:51 ==================== End Of Log ============================ --- --- --- und hier Addition.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by User (administrator) on KR121220 on 29-03-2015 18:44:26 Running from C:\Users\User\Downloads Loaded Profiles: User (Available profiles: User) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-03-15] (Intel Corporation) HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-11-04] (Windows (R) Win 7 DDK provider) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.) HKU\S-1-5-21-2956239176-924636802-565636817-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-2956239176-924636802-565636817-1000\...\MountPoints2: {ad53fe5b-43b6-11e2-856c-806e6f6e6963} - D:\Run.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2956239176-924636802-565636817-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2956239176-924636802-565636817-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-06] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-06] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-03] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-03] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com')%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-12] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-03] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2956239176-924636802-565636817-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\Extensions\firefox@ghostery.com.xpi [2015-03-28] FF Extension: Flagfox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m04yktkm.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-12-06] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-03-15] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [70912 2011-11-04] (Fresco Logic) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24496 2012-03-15] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 18:44 - 2015-03-29 18:44 - 00021190 _____ () C:\Users\User\Downloads\FRST.txt 2015-03-29 18:44 - 2015-03-29 18:44 - 00000000 ____D () C:\FRST 2015-03-29 18:43 - 2015-03-29 18:43 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2015-03-29 17:41 - 2015-03-29 17:41 - 00001427 _____ () C:\Users\User\Desktop\Neues Textdokument.txt 2015-03-29 16:52 - 2015-03-29 16:52 - 00002679 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt 2015-03-29 16:50 - 2015-03-29 17:40 - 00000000 ____D () C:\AdwCleaner 2015-03-29 16:50 - 2015-03-29 16:51 - 00002709 _____ () C:\Users\User\Desktop\AdwCleaner[R0].txt 2015-03-29 16:49 - 2015-03-29 16:49 - 02168320 _____ () C:\Users\User\Downloads\AdwCleaner_4.113.exe 2015-03-29 16:35 - 2015-03-29 16:54 - 00011654 _____ () C:\Windows\PFRO.log 2015-03-29 16:31 - 2015-03-29 16:32 - 00000000 ____D () C:\Users\User\Desktop\MalwareErgebnis 2015-03-29 16:25 - 2015-03-29 18:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-29 16:24 - 2015-03-29 16:24 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-29 16:24 - 2015-03-29 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-29 16:24 - 2015-03-29 16:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-29 16:24 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-29 16:24 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-29 16:24 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-29 16:23 - 2015-03-29 16:24 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-29 10:45 - 2015-03-29 16:54 - 00000504 _____ () C:\Windows\setupact.log 2015-03-29 10:45 - 2015-03-29 10:45 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-28 18:14 - 2015-03-28 18:14 - 00013936 _____ () C:\Users\User\Documents\cc_20150328_171355.reg 2015-03-27 20:05 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-03-27 19:52 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-03-27 19:52 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-03-26 11:42 - 2015-03-26 11:42 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard 2015-03-25 21:22 - 2015-03-25 21:22 - 00000763 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2015-03-25 21:22 - 2015-03-25 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2015-03-22 11:54 - 2015-03-22 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-19 20:31 - 2015-03-19 20:31 - 00001107 _____ () C:\Users\User\Desktop\Recursion Tracker.lnk 2015-03-19 20:31 - 2015-03-19 20:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursion 2015-03-19 20:31 - 2015-03-19 20:31 - 00000000 ____D () C:\Program Files (x86)\Recursion 2015-03-18 09:41 - 2015-03-18 09:41 - 00002515 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk 2015-03-18 09:41 - 2015-03-18 09:41 - 00002485 _____ () C:\Users\User\Desktop\PlanetSide 2.lnk 2015-03-18 09:41 - 2015-03-18 09:41 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment 2015-03-18 09:40 - 2015-03-18 09:40 - 23978024 _____ () C:\Users\User\Downloads\PS2_setup.exe 2015-03-17 20:11 - 2015-03-17 20:11 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList 2015-03-15 18:49 - 2015-03-15 18:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\java 2015-03-14 07:49 - 2015-03-14 07:49 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\Documents\Colossal Order 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Colossal Order 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\.mono 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\Users\User\AppData\Local\Colossal Order 2015-03-11 16:25 - 2015-03-11 16:25 - 00000000 ____D () C:\ProgramData\.mono 2015-03-11 15:39 - 2015-03-11 15:39 - 00000000 ____D () C:\Users\User\AppData\Local\Steam 2015-03-11 15:19 - 2015-03-11 15:19 - 00000202 _____ () C:\Users\User\Desktop\Cities Skylines.url 2015-03-11 09:13 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 09:13 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 09:13 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 09:13 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 09:13 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 09:13 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 09:13 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 09:13 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 09:13 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 09:13 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 09:13 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 09:13 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 09:13 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 09:13 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 09:13 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 09:13 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 09:13 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 09:13 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 09:13 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 09:13 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 09:13 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 09:13 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 09:13 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 09:13 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 09:13 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 09:13 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 09:13 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 09:13 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 09:13 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 09:13 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 09:13 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 09:13 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 09:13 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 09:13 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 09:13 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 09:13 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 09:12 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 09:12 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 09:12 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 09:12 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 09:12 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 09:12 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 09:12 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 09:12 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 09:12 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 09:12 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 09:12 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 09:12 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 09:12 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 09:12 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 09:12 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 09:12 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 09:12 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 09:12 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 09:12 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:12 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 09:12 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 09:12 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 09:12 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 09:12 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:12 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 09:12 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:12 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 09:12 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 09:12 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:12 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 09:12 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:12 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 09:12 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:12 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 09:12 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 09:12 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 09:12 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 09:12 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 09:12 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:12 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 09:12 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 09:12 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:12 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 09:12 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 09:12 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 09:12 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 09:12 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 09:12 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 09:12 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:12 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 09:12 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 09:12 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 09:12 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 09:12 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 09:12 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 09:12 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:12 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 09:12 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 09:12 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:12 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:12 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 09:12 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 09:12 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 09:12 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:12 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 09:12 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 09:12 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 09:12 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:12 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 09:12 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 09:12 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 09:12 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 09:12 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 09:12 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:12 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 09:12 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 09:12 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 09:12 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 09:12 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 09:12 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 09:12 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 09:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 09:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-07 17:05 - 2015-03-07 17:05 - 00000000 ____D () C:\ProgramData\RzSurroundVAD_1.1.60.0 2015-03-03 22:22 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 22:22 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 22:22 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 22:22 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-03 11:35 - 2015-03-03 11:36 - 00000000 ____D () C:\Ordner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 18:21 - 2012-12-12 22:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-29 17:58 - 2015-02-14 11:03 - 01815801 _____ () C:\Windows\WindowsUpdate.log 2015-03-29 17:10 - 2013-09-01 10:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-29 17:01 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-29 17:01 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-29 17:00 - 2011-04-12 09:43 - 13203778 _____ () C:\Windows\system32\perfh007.dat 2015-03-29 17:00 - 2011-04-12 09:43 - 04079600 _____ () C:\Windows\system32\perfc007.dat 2015-03-29 17:00 - 2009-07-14 07:13 - 00006462 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-29 16:54 - 2012-12-11 12:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-29 16:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-28 20:48 - 2014-03-31 17:50 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net 2015-03-28 18:11 - 2013-02-14 22:34 - 00000000 ____D () C:\Windows\Minidump 2015-03-27 20:07 - 2012-12-11 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-27 20:05 - 2012-12-11 12:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-27 19:54 - 2012-12-11 12:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-23 08:12 - 2014-01-13 11:39 - 00346840 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-23 08:12 - 2012-12-12 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-22 12:06 - 2014-01-12 19:47 - 00090216 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-18 09:41 - 2014-04-27 11:04 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-03-18 08:58 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-17 18:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-15 18:59 - 2012-12-12 22:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft 2015-03-15 11:29 - 2014-09-29 21:23 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2015-03-15 11:28 - 2012-12-12 22:05 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-15 11:28 - 2012-12-12 22:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-15 11:28 - 2012-12-12 22:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-13 12:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 09:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 09:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-12 00:17 - 2014-04-09 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-12 00:13 - 2013-08-15 01:18 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 00:10 - 2012-12-15 13:03 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-04 09:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2015-03-03 11:36 - 2014-11-10 21:38 - 00000000 ____D () C:\Users\Public\Documents\BewerbungsUnterlagen 2015-03-02 14:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-01-03 20:20 - 2015-01-03 20:20 - 0007602 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\User\AppData\Local\setup.txt 2012-12-12 21:26 - 2012-12-12 21:26 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db 2014-12-31 19:29 - 2014-12-31 19:29 - 0000040 _____ () C:\ProgramData\ra3.ini Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\nvStInst.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 18:51 ==================== End Of Log ============================ --- --- --- |
29.03.2015, 18:07 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Frage zur f.txt von doubleclick. Hi, die Addition.txt fehlt noch.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
29.03.2015, 18:11 | #5 |
| Frage zur f.txt von doubleclick. Oh tut mir leid, ich dachte ich hätte es gepostet. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by User at 2015-03-29 18:44:42 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - ) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CCleaner 2015 (HKLM-x32\...\CCleaner 2015) (Version: - ) Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Fresco Logic USB3.0 Host Controller (HKLM\...\{72621D05-74DE-4027-8799-882D99986F21}) (Version: 3.5.12.0 - Fresco Logic Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1134 - Intel Corporation) Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel) Intel(R) Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.1.0.1068 - Intel Corporation) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1010 - Marvell) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.39715 - Grinding Gear Games) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PlanetSide 2 (HKU\S-1-5-21-2956239176-924636802-565636817-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment) Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc) Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.) Recursion Tracker (HKLM-x32\...\{15D7EEC8-FD86-4398-839C-393ADF0110D2}) (Version: 0.10.2.6 - Recursion) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios) Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios) TeamSpeak 3 Client (HKU\S-1-5-21-2956239176-924636802-565636817-1000\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2956239176-924636802-565636817-1000_Classes\CLSID\{91873965-1646-40d1-874e-b377811440fb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2956239176-924636802-565636817-1000_Classes\CLSID\{96c649d7-821d-4523-bc54-76d6bbfc8cb1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {17864042-14A0-4981-9301-82D0606EA688} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {319F470B-2C86-44D6-A55F-35B6782B1981} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15] (Adobe Systems Incorporated) Task: {46A7A0A6-A76A-4D75-B0E1-760135B6EB95} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7CF3C82D-66CC-4607-BB24-3B2AFB83B86A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {87E16BB5-2E6C-4264-82E5-A961025EACD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {99B135D1-C46F-4A00-929F-606EF4C3EC1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {AB8DC719-F4D9-4369-9713-B6FEC75F12CC} - System32\Tasks\{5817C6B0-29E7-4FB3-B08D-ECF584DFE111} => pcalua.exe -a C:\Users\User\Downloads\setup(2).exe -d C:\Users\User\Downloads Task: {E6105137-C94D-499A-8413-184FCB5E7CD9} - System32\Tasks\{6CD97763-CE53-44B8-9855-32A6A1916A0D} => pcalua.exe -a "D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe" -d "D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead" Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2012-12-11 12:39 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-20 21:12 - 2014-06-20 21:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-02-05 02:24 - 2015-02-05 02:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2015-02-05 11:20 - 2015-02-05 11:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2014-10-17 15:35 - 2014-10-17 15:35 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\3d540ad543f40ac2fc1107b17a8fef40\PSIClient.ni.dll 2015-03-15 11:28 - 2015-03-15 11:28 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2956239176-924636802-565636817-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart MSCONFIG\startupreg: EADM => "D:\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ==================== Accounts: ============================= Administrator (S-1-5-21-2956239176-924636802-565636817-500 - Administrator - Disabled) Gast (S-1-5-21-2956239176-924636802-565636817-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2956239176-924636802-565636817-1008 - Limited - Enabled) User (S-1-5-21-2956239176-924636802-565636817-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/29/2015 04:59:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (03/29/2015 04:59:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/29/2015 04:59:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/29/2015 04:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/29/2015 04:41:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (03/29/2015 04:41:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/29/2015 04:41:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/29/2015 04:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/29/2015 10:51:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (03/29/2015 10:51:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Razer Surround Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Razer Overlay Subsystem Emergency Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/29/2015 04:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (03/29/2015 04:59:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (03/29/2015 04:59:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/29/2015 04:59:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/29/2015 04:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/29/2015 04:41:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (03/29/2015 04:41:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/29/2015 04:41:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/29/2015 04:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/29/2015 10:51:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (03/29/2015 10:51:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors: =================================== Date: 2014-10-13 18:47:00.003 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:47:00.002 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:47:00.001 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:46:59.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:46:59.994 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:46:59.993 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-11 13:38:40.714 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-11 13:38:40.713 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-11 13:38:40.712 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-11 13:38:40.710 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. |
29.03.2015, 18:14 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Frage zur f.txt von doubleclick. Mach mal bitte noch einen Wiederholungsscan mit Malwarebytes und dann einen mit ESET. Schritt 1
Schritt 2 ESET Online Scanner
__________________ --> Frage zur f.txt von doubleclick. |
29.03.2015, 23:06 | #7 |
| Frage zur f.txt von doubleclick. Eine Frage habe ich noch, soll ich ESET danach deinstallieren wie du es beschrieben hast, oder war das nur eine Erklärung wie ich es später entfernen kann? Ich habe es deinstalliert wie beschrieben. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.03.2015 Suchlauf-Zeit: 19:22:41 Logdatei: MalwareErgebnis.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.29.06 Rootkit Datenbank: v2015.03.26.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: User Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 358940 Verstrichene Zeit: 4 Min, 39 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3ab7ee30cb6d6c409e0c1a9028d41b52 # engine=23139 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-29 09:51:42 # local_time=2015-03-29 11:51:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1292 16777213 100 100 25060 59143924 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 227833 179295752 0 0 # scanned=223333 # found=27 # cleaned=0 # scan_time=15162 sh=115D5FD4D93B070D24126C3976874FA6B903FFDF ft=1 fh=b7d094930b7c7df3 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\FinalTorrentSetup [1].exe" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\PDFCreator-1_7_3_setup.exe" sh=3E745B29E7E45B3ABDDC9EF96ADACF04BDBB7AFD ft=1 fh=a9881895b6329b2f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI3326.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI3326.tmp-\srptc.dll" sh=EB9733AB7440BE51340940472DBEFFD05EEC35AA ft=1 fh=87be24442bd79afc vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI3326.tmp-\srut.dll" sh=3E745B29E7E45B3ABDDC9EF96ADACF04BDBB7AFD ft=1 fh=a9881895b6329b2f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8E4C.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll" sh=FF95C96208846B91F6619631E777FFF8777B7A0D ft=1 fh=b1c966448c589b19 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8E4C.tmp-\sppsm.dll" sh=8AC143E18CA87AC3636DE55EF8A2ECF864F31B82 ft=1 fh=ea5e0724d0589487 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8E4C.tmp-\spusm.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8E4C.tmp-\srptc.dll" sh=EB9733AB7440BE51340940472DBEFFD05EEC35AA ft=1 fh=87be24442bd79afc vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8E4C.tmp-\srut.dll" sh=3E745B29E7E45B3ABDDC9EF96ADACF04BDBB7AFD ft=1 fh=a9881895b6329b2f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll" sh=4AE77154BFC5AA6BD04BDCED53C63A067730576F ft=1 fh=323fb5820db3c883 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\spbe.dll" sh=FF95C96208846B91F6619631E777FFF8777B7A0D ft=1 fh=b1c966448c589b19 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\sppsm.dll" sh=8AC143E18CA87AC3636DE55EF8A2ECF864F31B82 ft=1 fh=ea5e0724d0589487 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\spusm.dll" sh=C992DE3D318BB72B8E76772AEC6D4901C0A1C623 ft=1 fh=b47bdf325a7b1513 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\srbs.dll" sh=C36218BF46315C11A0E6D90CDD09AFDDE83E648C ft=1 fh=a236f9108107e224 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\srbu.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\srptc.dll" sh=EB9733AB7440BE51340940472DBEFFD05EEC35AA ft=1 fh=87be24442bd79afc vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSICEF6.tmp-\srut.dll" sh=E92599C7F33D50AE2EBD5363D9AC4EE62DC5A2CD ft=0 fh=0000000000000000 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2014-07-13 190001\Backup Files 2014-08-24 190000\Backup files 4.zip" sh=BB1B1198FF0E7608DCFB737A6151431FA6F382BC ft=0 fh=0000000000000000 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2014-09-21 190001\Backup Files 2014-09-21 190001\Backup files 7.zip" sh=089B286CAC34A247509EFE7244147FF2562221FA ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2014-09-21 190001\Backup Files 2014-10-05 190001\Backup files 3.zip" sh=EB4BFB24A5784F40C05E5ED100A417823FAF4B87 ft=0 fh=0000000000000000 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2014-11-16 190001\Backup Files 2014-11-16 190001\Backup files 6.zip" sh=8DBFB2BC5744786102F360FDA6D4FAA1F9253023 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2014-11-16 190001\Backup Files 2014-11-16 190001\Backup files 7.zip" sh=31961564B34D694D7BF18A50264479C78506F5CE ft=0 fh=0000000000000000 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2015-01-11 194911\Backup Files 2015-01-11 194911\Backup files 6.zip" sh=1470BFA214BAC50955ED8CD43EAF9D50D5AB4892 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2015-01-11 194911\Backup Files 2015-01-11 194911\Backup files 7.zip" sh=08CC62D90BB719E1B92EEE3F3173F033BC750E5C ft=0 fh=0000000000000000 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2015-03-01 190001\Backup Files 2015-03-01 190001\Backup files 6.zip" sh=E73AEF3A0C6632BD6A9C8BA823976D509A03F35A ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\KR121220\Backup Set 2015-03-01 190001\Backup Files 2015-03-01 190001\Backup files 7.zip" |
30.03.2015, 10:35 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Frage zur f.txt von doubleclick. Ok, da wurde nichts Relevantes mehr gefunden. Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
30.03.2015, 12:07 | #9 |
| Frage zur f.txt von doubleclick. Okay, vielen dank für deine hilfe! |
30.03.2015, 16:57 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Frage zur f.txt von doubleclick. Gerne. Bitte das Code:
ATTFilter Java 8 Update 25 Cleanup: Alle Logs gepostet? Ja! Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. >>clean<< Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. Wie kann ich mich in Zukunft besser schützen? Tipps, Dos & Don'ts Updates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Firewall, Antivirus & Co.
Cracks, Downloads & Co. Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten. Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten. Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Abschließend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
30.03.2015, 18:45 | #11 |
| Frage zur f.txt von doubleclick. Okay habe ich gemacht, vielen dank nochmal! |
30.03.2015, 18:45 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Frage zur f.txt von doubleclick. Gerne! Alles Gute!
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
Themen zu Frage zur f.txt von doubleclick. |
entfernen, explorer, f.txt, internet, internet explorer, kaspersky, malwarebytes, microsoft, nicht mehr, programm, pup.optional.bitberry, pup.optional.downloader, pup.optional.gameo.a, pup.optional.installcore.a, pup.optional.safefinder.a, pup.optional.smartbar, pup.optional.snapdo.t, software |