Hallo,
ich habe vor 3 Tagen von NoScript eine Warnung über einen potentiellen Clickjacking-Angriff bekommen bzw. Versuch einer UI-Umadressierung.
Dies tritt bisher nur auf der Lego.de Seite auf, immer wenn man auf das blaue LEGO ID klickt und anschliessend auf Benutzername.
In Windows war ein mir unbekanntens Programm installiert das ich deinstalliert habe:
WebConnect3.0
Unter dem NoScript Button bemerkte ich das Edgecastcdn.net auf jeder Webseite erschien.
In Firefox fand ich ein Addon das ich ebenfalls deinstallierte "Web1.0", oder "Webconnect1.0", bin mir in diesem Punkt nicht mehr sicher.
Danach war Edgecastcdn.net verschwunden.
Mein Windows 7 64bit System sichere ich mit Avast Free, Spybot SD
Als Browser Firefox mit Noscript, Ghostery, Adblock Plus
Nach Recherchern hier im Forum habe ich mir Spywareblaster und Malwarebytes installiert.
Malewarebytes hat folgendes gefunden:
PUP.Optional.SweetIM
PUP.Optional.InstallCore.A
PUP.Optional.BrowserFox.A
Firefox und die Addons habe ich komplett deinstalliert und wieder installiert, da ich dachte ich hätte bei NoScript etwas verändert und die Einstellungen von NoScript wären schuld.
Hat aber nichts gebracht.
Kompletter Durchlauf von Avast hat auch nichts ergeben.
Andere Probleme habe ich bisher nicht festgestellt, System arbeitet normal.
Auf die Legoseite komme ich über den Umweg "Shop" noch rein, aber nicht über die Hauptseite.
Logdateien mit FRST64 wollte ich erstellen, bekomme aber das erste Logfile nicht mehr, da ich es im Downloadordner gespeichert hatte und auch von da startete, dummerweise habe ich dann mein System nochmals bereinigt :stirn:
Meine Persönliche Vermutung ist:
NoScript reagiert etwas empfindlich was Lego.de angeht,
sicher bin ich mir natürlich nicht und erwäge eine Neuinstallation.
Trotzdem bin ich ein neugieriger Mensch und wüsste schon gern, was bei mir schief gelaufen ist.
Dies ist bisher meine erste Meldung seit ca. 8 Jahren und ich dachte bisher mein Surfverhalten + benutze Software hält mich von Schaden fern... aber jeden triffts wohl mal :heilig:
Freue mich auf Eure Hilfe
LG, Rentner2037
Defogger Log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:36 on 04/09/2013 (Username)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-09-2013
Ran by Username (administrator) on UsernaNFUTURE on 04-09-2013 22:36:48
Running from C:\Users\Username\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Farbar) C:\Users\Username\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
MountPoints2: {a1d57a61-05d4-11e2-805b-806e6f6e6963} - "E:\Diablo III Setup.exe"
MountPoints2: {a1d57a62-05d4-11e2-805b-806e6f6e6963} - F:\autorun.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Username\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\128.xpi
==================== Services (Whitelisted) =================
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-04 22:33 - 2013-09-04 22:33 - 01950668 _____ (Farbar) C:\Users\Username\Desktop\FRST64(1).exe
2013-09-04 18:41 - 2013-09-04 20:49 - 00001133 _____ C:\Windows\setupact.log
2013-09-04 18:41 - 2013-09-04 18:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 00:39 - 2013-09-04 00:39 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-04 00:39 - 2013-09-04 00:39 - 00000000 ____D C:\Users\Username\AppData\Roaming\Mozilla
2013-09-04 00:38 - 2013-09-04 00:39 - 22240760 _____ (Mozilla) C:\Users\Username\Downloads\Firefox_Setup_23.0.1.exe
2013-09-02 21:31 - 2013-09-02 21:31 - 00000000 ____D C:\FRST
2013-09-02 21:29 - 2013-09-02 21:29 - 00000000 _____ C:\Users\Username\defogger_reenable
2013-09-02 21:28 - 2013-09-02 21:28 - 00050477 _____ C:\Users\Username\Desktop\Defogger.exe
2013-09-02 00:50 - 2013-09-04 01:19 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-02 00:50 - 2013-09-02 00:50 - 04095448 _____ (BrightFort LLC ) C:\Users\Username\Downloads\spywareblastersetup50.exe
2013-09-02 00:50 - 2013-09-02 00:50 - 00001102 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-09-02 00:50 - 2013-09-02 00:50 - 00000000 ____D C:\ProgramData\Licenses
2013-09-02 00:50 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-09-02 00:44 - 2013-09-02 00:44 - 00000000 ____D C:\Users\Username\AppData\Roaming\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00001138 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 00:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-02 00:42 - 2013-09-02 00:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Username\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 18:05 - 2013-09-01 18:05 - 00002167 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk
2013-08-29 19:25 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-29 19:25 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-24 17:51 - 2013-08-24 17:51 - 00002058 _____ C:\Users\Username\Desktop\JDownloader.lnk
2013-08-23 23:31 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-23 23:31 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-23 23:31 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-23 23:31 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-23 23:31 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-23 23:31 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-23 23:31 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-23 23:31 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-23 23:31 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-23 23:31 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-23 23:31 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-23 23:31 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-23 23:17 - 2013-08-23 23:17 - 00000000 ____D C:\NvidiaLogging
2013-08-23 23:16 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-23 23:15 - 2013-08-23 23:15 - 00000000 ____D C:\Users\Userna~1\AppData\Local\NVIDIA
2013-08-23 23:11 - 2013-08-23 23:11 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-23 23:08 - 2013-08-24 15:54 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-23 23:07 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-08-23 23:07 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00432928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00372000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-08-23 23:07 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-08-23 23:07 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-08-23 21:23 - 2013-09-03 22:58 - 00000000 ____D C:\Users\Username\AppData\Roaming\vlc
2013-08-23 21:02 - 2013-08-23 21:02 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-23 20:28 - 2013-08-23 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-23 18:59 - 2013-09-04 00:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 18:16 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-23 18:16 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-23 18:16 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-23 18:16 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-23 18:16 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-23 18:16 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-23 18:16 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-23 18:16 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-23 18:16 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-23 18:16 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-23 18:16 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-23 18:16 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-23 18:16 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-23 18:16 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-23 18:16 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-23 18:16 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-04 22:33 - 2013-09-04 22:33 - 01950668 _____ (Farbar) C:\Users\Username\Desktop\FRST64(1).exe
2013-09-04 20:56 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 20:56 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 20:55 - 2011-04-12 09:43 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-04 20:55 - 2011-04-12 09:43 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-04 20:55 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 20:49 - 2013-09-04 18:41 - 00001133 _____ C:\Windows\setupact.log
2013-09-04 20:49 - 2012-09-24 01:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-04 20:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 18:45 - 2013-07-20 14:41 - 01709181 _____ C:\Windows\WindowsUpdate.log
2013-09-04 18:41 - 2013-09-04 18:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 18:41 - 2012-09-24 00:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-04 01:19 - 2013-09-02 00:50 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-04 00:39 - 2013-09-04 00:39 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-04 00:39 - 2013-09-04 00:39 - 00000000 ____D C:\Users\Username\AppData\Roaming\Mozilla
2013-09-04 00:39 - 2013-09-04 00:38 - 22240760 _____ (Mozilla) C:\Users\Username\Downloads\Firefox_Setup_23.0.1.exe
2013-09-04 00:39 - 2013-08-23 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 22:58 - 2013-08-23 21:23 - 00000000 ____D C:\Users\Username\AppData\Roaming\vlc
2013-09-02 21:31 - 2013-09-02 21:31 - 00000000 ____D C:\FRST
2013-09-02 21:29 - 2013-09-02 21:29 - 00000000 _____ C:\Users\Username\defogger_reenable
2013-09-02 21:29 - 2012-09-24 00:38 - 00000000 ____D C:\Users\Username
2013-09-02 21:28 - 2013-09-02 21:28 - 00050477 _____ C:\Users\Username\Desktop\Defogger.exe
2013-09-02 00:50 - 2013-09-02 00:50 - 04095448 _____ (BrightFort LLC ) C:\Users\Username\Downloads\spywareblastersetup50.exe
2013-09-02 00:50 - 2013-09-02 00:50 - 00001102 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-09-02 00:50 - 2013-09-02 00:50 - 00000000 ____D C:\ProgramData\Licenses
2013-09-02 00:44 - 2013-09-02 00:44 - 00000000 ____D C:\Users\Username\AppData\Roaming\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00001138 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 00:42 - 2013-09-02 00:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Username\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 21:07 - 2012-10-09 00:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-01 20:31 - 2012-09-24 00:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 18:05 - 2013-09-01 18:05 - 00002167 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk
2013-09-01 18:05 - 2013-07-19 16:56 - 00000000 ____D C:\Users\Username\AppData\Roaming\Rovio Entertainment Ltd
2013-08-31 20:38 - 2012-11-13 20:40 - 00451249 ____R C:\Windows\system32\Drivers\etc\hosts.20130901.backup
2013-08-29 19:26 - 2012-09-24 01:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-24 19:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 17:57 - 2012-09-27 19:22 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-24 17:51 - 2013-08-24 17:51 - 00002058 _____ C:\Users\Username\Desktop\JDownloader.lnk
2013-08-24 17:40 - 2012-09-24 21:45 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-24 17:40 - 2012-09-24 21:45 - 00000000 ____D C:\Program Files\CCleaner
2013-08-24 17:40 - 2012-09-24 01:32 - 00000000 ____D C:\Windows\Panther
2013-08-24 15:54 - 2013-08-23 23:08 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-24 15:38 - 2012-12-07 20:18 - 00000022 _____ C:\Windows\GPU-Z.INI
2013-08-23 23:29 - 2013-07-22 21:56 - 00000000 ____D C:\Windows\system32\MRT
2013-08-23 23:29 - 2012-10-31 20:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-23 23:26 - 2012-09-24 19:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-23 23:17 - 2013-08-23 23:17 - 00000000 ____D C:\NvidiaLogging
2013-08-23 23:17 - 2012-09-24 01:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-23 23:15 - 2013-08-23 23:15 - 00000000 ____D C:\Users\Userna~1\AppData\Local\NVIDIA
2013-08-23 23:15 - 2012-09-24 01:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-23 23:11 - 2013-08-23 23:11 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-23 22:39 - 2012-11-13 20:40 - 00451249 ____R C:\Windows\system32\Drivers\etc\hosts.20130831-203828.backup
2013-08-23 21:02 - 2013-08-23 21:02 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-23 20:56 - 2012-10-16 17:51 - 00000000 ____D C:\Users\Username\AppData\Roaming\foobar2000
2013-08-23 20:42 - 2012-09-24 00:45 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-23 20:29 - 2013-08-23 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-20 15:33 - 2013-08-29 19:25 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 15:32 - 2013-08-29 19:25 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 15:32 - 2013-08-23 23:16 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
Files to move or delete:
====================
C:\Users\Userna~1\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-23 19:58
==================== End Of Log ============================
--- --- ---
--- --- ---
