Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bobrowser (https://www.trojaner-board.de/165682-bobrowser.html)

Balim 05.04.2015 00:50
Eigentlich hatte ich es genauso gemacht, na ja hab es jetzt erneut gemacht.....
Gruß Balim


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ergan (administrator) on ERGAN-PC on 05-04-2015 01:46:10
Running from C:\Users\Ergan\Downloads
Loaded Profiles: Ergan (Available profiles: Ergan & Deniz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2014-12-11] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3219620770-197578698-1071931620-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3219620770-197578698-1071931620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ergan\AppData\Roaming\Mozilla\Firefox\Profiles\kymnw30f.default-1427443679666
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-28] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Ergan\AppData\Roaming\Mozilla\Firefox\Profiles\kymnw30f.default-1427443679666\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-22]
FF HKU\S-1-5-21-3219620770-197578698-1071931620-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Ergan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-02-08 14:08 - 6115-02-08 14:08 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\SUPERAntiSpyware.com
2099-02-08 14:04 - 2011-08-10 08:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2099-02-08 14:04 - 2011-08-05 17:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2099-02-08 14:04 - 2011-08-05 17:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2099-02-08 14:02 - 6115-02-08 14:02 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\WinRAR
2015-04-03 16:01 - 2015-04-03 16:02 - 00011523 _____ () C:\Users\Ergan\Downloads\Addition.txt
2015-04-03 16:00 - 2015-04-05 01:46 - 00011200 _____ () C:\Users\Ergan\Downloads\FRST.txt
2015-04-03 15:59 - 2015-04-03 15:59 - 02095616 _____ (Farbar) C:\Users\Ergan\Downloads\FRST64.exe
2015-04-03 15:54 - 2015-04-03 15:54 - 00000625 _____ () C:\Users\Ergan\Desktop\JRT I.txt
2015-04-03 15:53 - 2015-04-03 15:53 - 00000625 _____ () C:\Users\Ergan\Desktop\JRT.txt
2015-04-03 15:48 - 2015-04-03 15:48 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ERGAN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-03 15:48 - 2015-04-03 15:48 - 00000000 ____D () C:\RegBackup
2015-04-03 15:47 - 2015-04-03 15:47 - 02690981 _____ (Thisisu) C:\Users\Ergan\Downloads\JRT.exe
2015-04-03 15:38 - 2015-04-03 15:38 - 00000000 ____D () C:\Users\Ergan\Documents\ad
2015-04-02 22:56 - 2015-04-02 22:56 - 02208768 _____ () C:\Users\Ergan\Downloads\AdwCleaner_4.200(1).exe
2015-04-02 17:51 - 2015-04-02 17:51 - 02208768 _____ () C:\Users\Ergan\Downloads\AdwCleaner_4.200.exe
2015-04-02 17:22 - 2015-04-02 17:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-02 17:21 - 2015-04-02 17:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Ergan\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 18:46 - 2015-04-01 18:46 - 00015391 _____ () C:\ComboFix.txt
2015-04-01 18:40 - 2015-04-01 18:40 - 00000000 _____ () C:\Windows\SysWOW64\shoA6E.tmp
2015-04-01 18:01 - 2015-04-01 18:46 - 00000000 ____D () C:\Qoobox
2015-04-01 18:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-01 18:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-01 18:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-01 17:55 - 2015-04-01 17:55 - 00013324 _____ () C:\Users\Ergan\Desktop\ComboFix - Verknüpfung.lnk
2015-04-01 17:47 - 2015-04-01 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-03-31 19:45 - 2015-04-05 01:46 - 00000000 ____D () C:\FRST
2015-03-31 18:57 - 2015-03-31 18:57 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\SoftGrid Client
2015-03-28 15:56 - 2015-03-28 16:02 - 00000000 ____D () C:\Users\Deniz\Desktop\Rap
2015-03-25 14:58 - 2015-03-25 14:58 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2015-03-25 12:47 - 2015-03-25 12:47 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\SoftGrid Client
2015-03-25 12:47 - 2015-03-25 12:47 - 00000000 ____D () C:\Users\Deniz\AppData\Local\SoftGrid Client
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2015-03-25 12:40 - 2015-03-25 12:40 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-03-25 12:38 - 2015-03-25 12:41 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\TP
2015-03-24 22:42 - 2015-03-27 10:08 - 00000000 ____D () C:\Users\Ergan\Desktop\Alte Firefox-Daten
2015-03-24 19:51 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:51 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:51 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:51 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:51 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:51 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:51 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:51 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 16:35 - 2015-03-22 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 14:56 - 2015-03-22 14:56 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-22 11:46 - 2015-03-22 11:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-22 11:46 - 2015-03-22 11:46 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-22 11:44 - 2015-03-22 14:54 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-11 05:29 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 05:29 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 05:29 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 05:29 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 05:29 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 05:29 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 05:29 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 05:29 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 05:29 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 05:29 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 05:28 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 05:28 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 05:28 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 05:28 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 05:28 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 05:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 05:28 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 05:28 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 05:28 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 05:28 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 05:28 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 05:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 05:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 05:28 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 05:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 05:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 05:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 05:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 05:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 05:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 05:28 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 05:28 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 05:28 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 05:28 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 05:27 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 05:27 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 05:27 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 05:27 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 05:27 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 05:27 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 05:27 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 05:27 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 05:27 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 05:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 05:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 05:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 05:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 05:27 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 05:27 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 05:27 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 05:27 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 05:27 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 05:27 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 05:27 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 05:27 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 05:27 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 05:27 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 05:27 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 05:27 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 05:27 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 05:27 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 05:27 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 05:27 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 05:27 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 05:27 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 05:27 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 05:27 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 05:27 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 05:27 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 05:27 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 05:27 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 05:27 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 05:27 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 05:27 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 05:27 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 05:27 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 05:27 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 05:27 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 05:27 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 05:27 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 05:27 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 05:27 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 05:27 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 05:27 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 05:27 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 05:27 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 05:27 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 05:27 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 05:27 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 05:27 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 05:27 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 05:27 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 05:27 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 05:27 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 05:27 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 05:27 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 05:27 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 05:27 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 05:27 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 05:27 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 05:27 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 05:27 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 05:27 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 05:27 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 05:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 05:27 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 05:27 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 05:27 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 05:27 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 05:27 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 05:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 05:27 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 05:27 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 05:27 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 05:27 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-08 11:56 - 2015-04-01 18:40 - 00004572 _____ () C:\Windows\PFRO.log
2015-03-08 04:49 - 2015-03-28 13:58 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-08 04:48 - 2015-03-31 17:38 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\DVDVideoSoft
2015-03-08 01:38 - 2015-03-08 01:38 - 00001786 _____ () C:\Users\Deniz\Desktop\easy Sports-Graphics 5.0 Demo.lnk
2015-03-08 01:38 - 2015-03-08 01:38 - 00000000 ____D () C:\Users\Deniz\Documents\easysportsgraphics
2015-03-08 01:38 - 2015-03-08 01:38 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easy Sports-Graphics 5.0 Demo
2015-03-08 01:38 - 2015-03-08 01:38 - 00000000 ____D () C:\Program Files (x86)\easy Sports-Graphics 5.0 Demo
2015-03-07 20:58 - 2015-04-04 01:13 - 00010749 _____ () C:\Windows\setupact.log
2015-03-07 20:58 - 2015-03-07 20:58 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-02-08 13:54 - 2015-01-15 18:05 - 00000000 ____D () C:\Users\Deniz\AppData\Local\Google
2015-04-05 01:42 - 2015-02-23 03:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 01:42 - 2014-12-11 19:52 - 01058745 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 02:15 - 2015-02-23 01:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 15:49 - 2009-07-14 06:45 - 00015600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 15:49 - 2009-07-14 06:45 - 00015600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 15:47 - 2009-07-14 19:58 - 00699794 _____ () C:\Windows\system32\perfh007.dat
2015-04-03 15:47 - 2009-07-14 19:58 - 00149644 _____ () C:\Windows\system32\perfc007.dat
2015-04-03 15:47 - 2009-07-14 07:13 - 01620836 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 15:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 15:39 - 2015-02-09 20:47 - 00000000 ____D () C:\AdwCleaner
2015-04-02 17:22 - 2015-02-23 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 17:22 - 2015-02-23 01:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-01 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-01 18:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-01 18:00 - 2014-12-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-31 17:38 - 2014-12-19 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-31 17:38 - 2014-12-19 08:07 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-31 17:38 - 2014-12-19 08:04 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-31 17:38 - 2014-12-19 08:03 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\DVDVideoSoft
2015-03-28 16:02 - 2014-12-13 11:19 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\vlc
2015-03-28 13:55 - 2014-12-11 21:34 - 00000000 ____D () C:\Users\Deniz\AppData\Local\Adobe
2015-03-28 13:54 - 2015-02-23 03:00 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 13:54 - 2015-02-23 03:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 13:54 - 2015-02-23 03:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-25 12:39 - 2014-12-13 18:30 - 01648454 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-25 12:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-25 04:17 - 2014-12-11 21:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 04:17 - 2014-12-11 21:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 22:30 - 2014-12-14 00:41 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\Apple Computer
2015-03-22 20:22 - 2015-02-08 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 11:48 - 2009-01-01 08:36 - 00000000 ____D () C:\Users\Ergan\AppData\Local\Adobe
2015-03-17 06:15 - 2015-02-23 01:23 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-02-23 01:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-02-23 01:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 05:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 04:35 - 2009-07-14 06:45 - 00327672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 04:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 04:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 04:08 - 2014-12-11 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 04:05 - 2014-12-11 21:18 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 15:59 - 2015-02-28 18:37 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-10 15:59 - 2015-02-28 18:35 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 15:59 - 2015-02-28 18:35 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 23:44 - 2015-02-09 22:30 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-08 02:56 - 2014-12-11 21:25 - 00000000 ____D () C:\Users\Deniz\AppData\Local\VirtualStore
2015-03-07 17:49 - 2014-12-11 21:51 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-07 17:49 - 2014-12-11 21:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-07 03:08 - 2014-12-11 20:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Ergan\AppData\Roaming\FGGM
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Ergan\AppData\Roaming\IPKMW
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Ergan\AppData\Roaming\KXLUSGZ
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Ergan\AppData\Roaming\OCRFX
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Ergan\AppData\Roaming\QMDRF
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Ergan\AppData\Roaming\WAOVER

Some content of TEMP:
====================
C:\Users\Ergan\AppData\Local\Temp\avgnt.exe
C:\Users\Ergan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ergan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 05:49

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 05.04.2015 13:15
Du siehst aber doch hoffentlich selbst den Unterschied zwischen dem Log jetzt und dem von dir geposteten ;)



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Balim 06.04.2015 01:32
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3294bd135084c343b90cce7a7a8ab494
# engine=23244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-05 01:58:40
# local_time=2015-04-05 03:58:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3104533 179872170 0 0
# scanned=153725
# found=20
# cleaned=0
# scan_time=3944
sh=5DDF3496088CB6522824807CCDF072E36B284840 ft=1 fh=41f3df3104ca837e vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$R942V5J.exe"
sh=3B95C8AFECF3F7F21FD166C3DBA1E0B3F8E4A2A7 ft=1 fh=41f3df314ede3f40 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RACCLO9.exe"
sh=A44BBE9F1ADD3C011245D735A81089C847147270 ft=1 fh=41f3df3149242713 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RAVN1KO.exe"
sh=F8C65BCD76546BEF2257AFB90B032EC43BDEF15E ft=1 fh=e287ed49477546ff vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RC5QICE.exe"
sh=724A58F7FBBB8182D5DD87B2C3A0303E18E407B3 ft=1 fh=41f3df31751a4713 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RKY1FJY.exe"
sh=6146A62667B95038CBCAC69E205B45624B1403D2 ft=1 fh=41f3df31ddc2c02b vn="Variante von Win32/Adware.MultiPlug.GX Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RV3EBBS.exe"
sh=13634F115940FC85BDB3EC054E87996BC2A37237 ft=1 fh=41f3df3131ec58de vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RWQM5PJ.exe"
sh=91D0AEDDA4E51B1A4F0FECE104083179D52D5618 ft=1 fh=790cb7a16dcf0f95 vn="Variante von Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3219620770-197578698-1071931620-1000\$RXYD0DM.exe"
sh=B06EE6E97D30DB38C3E8FEA66B396DB00EC79616 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\default_apps\crossbrowser.crx.vir"
sh=05F6C33F5A45CD34A9CAF61E295E886922448732 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\Installer\chrome.7z.vir"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ergan\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_1\extensionData\plugins\91.js.vir"
sh=C7BABD68507D2D1CE674558BA82D9F9F3AED0098 ft=1 fh=5ea21da900efcf02 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=DCA213C540EF001778FAEB054F2FE44C982E59E1 ft=1 fh=291e8864a1370e5c vn="Variante von Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLNJOJN2\2015022855185[1].exe"
sh=E57D35B193E9B97D5508EF0EDB9A21EAC071ECF1 ft=1 fh=c10de000fab736ae vn="Variante von Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLNJOJN2\ReimagePackage1808x64g[1].exe"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Roaming\FGGM"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Roaming\IPKMW"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Roaming\KXLUSGZ"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Roaming\OCRFX"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Roaming\QMDRF"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ergan\AppData\Roaming\WAOVER"

Danke Schrauber habe alles gemacht und zuletzt security check runtergeladen, beim Versuch zur Ausführung krieg ich diese Meldung:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Sonst tut sich nichts habe ich das Gefühl, ist das so richti?
Gruß Balim

schrauber 06.04.2015 14:41
Passt, das frische FRST log fehlt noch.

Balim 06.04.2015 15:17
ok erledigt :-)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ergan (administrator) on ERGAN-PC on 06-04-2015 16:15:36
Running from C:\Users\Ergan\Downloads
Loaded Profiles: Ergan (Available profiles: Ergan & Deniz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2014-12-11] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3219620770-197578698-1071931620-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3219620770-197578698-1071931620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ergan\AppData\Roaming\Mozilla\Firefox\Profiles\kymnw30f.default-1427443679666
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-28] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Ergan\AppData\Roaming\Mozilla\Firefox\Profiles\kymnw30f.default-1427443679666\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-22]
FF HKU\S-1-5-21-3219620770-197578698-1071931620-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Ergan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-02-08 14:08 - 6115-02-08 14:08 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\SUPERAntiSpyware.com
2099-02-08 14:04 - 2011-08-10 08:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2099-02-08 14:04 - 2011-08-05 17:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2099-02-08 14:04 - 2011-08-05 17:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2099-02-08 14:02 - 6115-02-08 14:02 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\WinRAR
2015-04-06 10:33 - 2015-04-06 10:33 - 00852607 _____ () C:\Users\Ergan\Downloads\SecurityCheck(2).exe
2015-04-06 02:39 - 2015-04-06 02:39 - 00852607 _____ () C:\Users\Ergan\Downloads\SecurityCheck(1).exe
2015-04-06 02:22 - 2015-04-06 02:22 - 00013387 _____ () C:\Users\Ergan\Desktop\SecurityCheck - Verknüpfung.lnk
2015-04-06 02:21 - 2015-04-06 02:21 - 00000041 _____ () C:\Users\Ergan\Desktop\checkup.txt
2015-04-06 02:19 - 2015-04-06 02:19 - 00852607 _____ () C:\Users\Ergan\Downloads\SecurityCheck.exe
2015-04-05 14:47 - 2015-04-05 14:47 - 02347384 _____ (ESET) C:\Users\Ergan\Downloads\esetsmartinstaller_deu.exe
2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 16:01 - 2015-04-03 16:02 - 00011523 _____ () C:\Users\Ergan\Downloads\Addition.txt
2015-04-03 16:00 - 2015-04-06 16:15 - 00011200 _____ () C:\Users\Ergan\Downloads\FRST.txt
2015-04-03 15:59 - 2015-04-03 15:59 - 02095616 _____ (Farbar) C:\Users\Ergan\Downloads\FRST64.exe
2015-04-03 15:54 - 2015-04-03 15:54 - 00000625 _____ () C:\Users\Ergan\Desktop\JRT I.txt
2015-04-03 15:53 - 2015-04-03 15:53 - 00000625 _____ () C:\Users\Ergan\Desktop\JRT.txt
2015-04-03 15:48 - 2015-04-03 15:48 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ERGAN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-03 15:48 - 2015-04-03 15:48 - 00000000 ____D () C:\RegBackup
2015-04-03 15:47 - 2015-04-03 15:47 - 02690981 _____ (Thisisu) C:\Users\Ergan\Downloads\JRT.exe
2015-04-03 15:38 - 2015-04-03 15:38 - 00000000 ____D () C:\Users\Ergan\Documents\ad
2015-04-02 22:56 - 2015-04-02 22:56 - 02208768 _____ () C:\Users\Ergan\Downloads\AdwCleaner_4.200(1).exe
2015-04-02 17:51 - 2015-04-02 17:51 - 02208768 _____ () C:\Users\Ergan\Downloads\AdwCleaner_4.200.exe
2015-04-02 17:22 - 2015-04-02 17:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-02 17:21 - 2015-04-02 17:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Ergan\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 18:46 - 2015-04-01 18:46 - 00015391 _____ () C:\ComboFix.txt
2015-04-01 18:40 - 2015-04-01 18:40 - 00000000 _____ () C:\Windows\SysWOW64\shoA6E.tmp
2015-04-01 18:01 - 2015-04-01 18:46 - 00000000 ____D () C:\Qoobox
2015-04-01 18:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-01 18:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-01 18:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-01 18:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-01 17:55 - 2015-04-01 17:55 - 00013324 _____ () C:\Users\Ergan\Desktop\ComboFix - Verknüpfung.lnk
2015-04-01 17:47 - 2015-04-01 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-03-31 19:45 - 2015-04-06 16:15 - 00000000 ____D () C:\FRST
2015-03-31 18:57 - 2015-03-31 18:57 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\SoftGrid Client
2015-03-28 15:56 - 2015-03-28 16:02 - 00000000 ____D () C:\Users\Deniz\Desktop\Rap
2015-03-25 14:58 - 2015-03-25 14:58 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2015-03-25 12:47 - 2015-03-25 12:47 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\SoftGrid Client
2015-03-25 12:47 - 2015-03-25 12:47 - 00000000 ____D () C:\Users\Deniz\AppData\Local\SoftGrid Client
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2015-03-25 12:40 - 2015-03-25 12:40 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-25 12:39 - 2015-03-25 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-03-25 12:38 - 2015-03-25 12:41 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\TP
2015-03-24 22:42 - 2015-03-27 10:08 - 00000000 ____D () C:\Users\Ergan\Desktop\Alte Firefox-Daten
2015-03-24 19:51 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:51 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:51 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:51 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:51 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:51 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:51 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:51 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 16:35 - 2015-03-22 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 14:56 - 2015-03-22 14:56 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-22 11:46 - 2015-03-22 11:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-22 11:46 - 2015-03-22 11:46 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-22 11:44 - 2015-03-22 14:54 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-11 05:29 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 05:29 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 05:29 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 05:29 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 05:29 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 05:29 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 05:29 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 05:29 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 05:29 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 05:29 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 05:28 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 05:28 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 05:28 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 05:28 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 05:28 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 05:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 05:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 05:28 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 05:28 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 05:28 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 05:28 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 05:28 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 05:28 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 05:28 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 05:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 05:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 05:28 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 05:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 05:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 05:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 05:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 05:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 05:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 05:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 05:28 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 05:28 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 05:28 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 05:28 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 05:27 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 05:27 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 05:27 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 05:27 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 05:27 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 05:27 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 05:27 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 05:27 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 05:27 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 05:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 05:27 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 05:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 05:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 05:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 05:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 05:27 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 05:27 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 05:27 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 05:27 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 05:27 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 05:27 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 05:27 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 05:27 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 05:27 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 05:27 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 05:27 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 05:27 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 05:27 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 05:27 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 05:27 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 05:27 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 05:27 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 05:27 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 05:27 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 05:27 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 05:27 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 05:27 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 05:27 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 05:27 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 05:27 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 05:27 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 05:27 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 05:27 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 05:27 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 05:27 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 05:27 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 05:27 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 05:27 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 05:27 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 05:27 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 05:27 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 05:27 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 05:27 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 05:27 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 05:27 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 05:27 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 05:27 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 05:27 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 05:27 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 05:27 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 05:27 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 05:27 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 05:27 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 05:27 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 05:27 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 05:27 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 05:27 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 05:27 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 05:27 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 05:27 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 05:27 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 05:27 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 05:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 05:27 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 05:27 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 05:27 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 05:27 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 05:27 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 05:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 05:27 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 05:27 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 05:27 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 05:27 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-08 11:56 - 2015-04-01 18:40 - 00004572 _____ () C:\Windows\PFRO.log
2015-03-08 04:49 - 2015-03-28 13:58 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-08 04:48 - 2015-03-31 17:38 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\DVDVideoSoft
2015-03-08 01:38 - 2015-03-08 01:38 - 00001786 _____ () C:\Users\Deniz\Desktop\easy Sports-Graphics 5.0 Demo.lnk
2015-03-08 01:38 - 2015-03-08 01:38 - 00000000 ____D () C:\Users\Deniz\Documents\easysportsgraphics
2015-03-08 01:38 - 2015-03-08 01:38 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easy Sports-Graphics 5.0 Demo
2015-03-08 01:38 - 2015-03-08 01:38 - 00000000 ____D () C:\Program Files (x86)\easy Sports-Graphics 5.0 Demo
2015-03-07 20:58 - 2015-04-04 01:13 - 00010749 _____ () C:\Windows\setupact.log
2015-03-07 20:58 - 2015-03-07 20:58 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-02-08 13:54 - 2015-01-15 18:05 - 00000000 ____D () C:\Users\Deniz\AppData\Local\Google
2015-04-06 15:45 - 2014-12-11 19:52 - 01156588 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 15:32 - 2015-02-23 03:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 02:15 - 2015-02-23 01:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 15:49 - 2009-07-14 06:45 - 00015600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 15:49 - 2009-07-14 06:45 - 00015600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 15:47 - 2009-07-14 19:58 - 00699794 _____ () C:\Windows\system32\perfh007.dat
2015-04-03 15:47 - 2009-07-14 19:58 - 00149644 _____ () C:\Windows\system32\perfc007.dat
2015-04-03 15:47 - 2009-07-14 07:13 - 01620836 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 15:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 15:39 - 2015-02-09 20:47 - 00000000 ____D () C:\AdwCleaner
2015-04-02 17:22 - 2015-02-23 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 17:22 - 2015-02-23 01:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-01 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-01 18:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-01 18:00 - 2014-12-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-31 17:38 - 2014-12-19 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-31 17:38 - 2014-12-19 08:07 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-31 17:38 - 2014-12-19 08:04 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-31 17:38 - 2014-12-19 08:03 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\DVDVideoSoft
2015-03-28 16:02 - 2014-12-13 11:19 - 00000000 ____D () C:\Users\Deniz\AppData\Roaming\vlc
2015-03-28 13:55 - 2014-12-11 21:34 - 00000000 ____D () C:\Users\Deniz\AppData\Local\Adobe
2015-03-28 13:54 - 2015-02-23 03:00 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 13:54 - 2015-02-23 03:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 13:54 - 2015-02-23 03:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-25 12:39 - 2014-12-13 18:30 - 01648454 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-25 12:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-25 04:17 - 2014-12-11 21:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 04:17 - 2014-12-11 21:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 22:30 - 2014-12-14 00:41 - 00000000 ____D () C:\Users\Ergan\AppData\Roaming\Apple Computer
2015-03-22 20:22 - 2015-02-08 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 11:48 - 2009-01-01 08:36 - 00000000 ____D () C:\Users\Ergan\AppData\Local\Adobe
2015-03-17 06:15 - 2015-02-23 01:23 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-02-23 01:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-02-23 01:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 05:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 04:35 - 2009-07-14 06:45 - 00327672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 04:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 04:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 04:08 - 2014-12-11 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 04:05 - 2014-12-11 21:18 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 15:59 - 2015-02-28 18:37 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-10 15:59 - 2015-02-28 18:35 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 15:59 - 2015-02-28 18:35 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 23:44 - 2015-02-09 22:30 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-08 02:56 - 2014-12-11 21:25 - 00000000 ____D () C:\Users\Deniz\AppData\Local\VirtualStore
2015-03-07 17:49 - 2014-12-11 21:51 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-07 17:49 - 2014-12-11 21:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-07 03:08 - 2014-12-11 20:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Ergan\AppData\Roaming\FGGM
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Ergan\AppData\Roaming\IPKMW
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Ergan\AppData\Roaming\KXLUSGZ
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Ergan\AppData\Roaming\OCRFX
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Ergan\AppData\Roaming\QMDRF
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Ergan\AppData\Roaming\WAOVER

Some content of TEMP:
====================
C:\Users\Ergan\AppData\Local\Temp\avgnt.exe
C:\Users\Ergan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ergan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-05 05:04

==================== End Of Log ============================
--- --- ---

schrauber 06.04.2015 18:17
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$RECYCLE.BIN
C:\Users\Ergan\AppData\Roaming\FGGM
C:\Users\Ergan\AppData\Roaming\IPKMW
C:\Users\Ergan\AppData\Roaming\KXLUSGZ
C:\Users\Ergan\AppData\Roaming\OCRFX
C:\Users\Ergan\AppData\Roaming\QMDRF
C:\Users\Ergan\AppData\Roaming\WAOVER
Task: {0CF219D5-EBD4-46EA-8CB0-EF176C6900A6} - System32\Tasks\FGGM => C:\Users\Ergan\AppData\Roaming\FGGM.exe <==== ATTENTION

Task: {1254E5A9-6C9B-4F60-9949-044451AF8069} - System32\Tasks\KXLUSGZ => C:\Users\Ergan\AppData\Roaming\KXLUSGZ.exe <==== ATTENTION

Task: {237CDCAB-990C-44D0-B6C0-B56AC3AF7056} - System32\Tasks\OCRFX => C:\Users\Ergan\AppData\Roaming\OCRFX.exe <==== ATTENTION

Task: {47D797E4-4F5B-4E2B-B5CD-AFFDB9C16103} - System32\Tasks\WAOVER => C:\Users\Ergan\AppData\Roaming\WAOVER.exe <==== ATTENTION

Task: {7F62714A-EBF3-4A4C-9781-B01A4EEA9E54} - System32\Tasks\IPKMW => C:\Users\Ergan\AppData\Roaming\IPKMW.exe <==== ATTENTION

Task: {8D4A2300-7052-452C-8586-53AD7819D267} - System32\Tasks\QMDRF => C:\Users\Ergan\AppData\Roaming\QMDRF.exe <==== ATTENTION

Task: C:\Windows\Tasks\FGGM.job => C:\Users\Ergan\AppData\Roaming\FGGM.exe <==== ATTENTION

Task: C:\Windows\Tasks\IPKMW.job => C:\Users\Ergan\AppData\Roaming\IPKMW.exe <==== ATTENTION

Task: C:\Windows\Tasks\KXLUSGZ.job => C:\Users\Ergan\AppData\Roaming\KXLUSGZ.exe <==== ATTENTION

Task: C:\Windows\Tasks\OCRFX.job => C:\Users\Ergan\AppData\Roaming\OCRFX.exe <==== ATTENTION

Task: C:\Windows\Tasks\QMDRF.job => C:\Users\Ergan\AppData\Roaming\QMDRF.exe <==== ATTENTION

Task: C:\Windows\Tasks\WAOVER.job => C:\Users\Ergan\AppData\Roaming\WAOVER.exe <==== ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Balim 07.04.2015 02:36
Hallo Schrauber,
erstmal nochmals vielen Dank....ich habe die ersten Schritte befolgt und kriege, wenn ich FRST neu starte und fix klicke, erscheint die Meldung:
The fixlist.txt found
The fixlist.txt should be in the same folder/directory the tool is loocated...
Mehr passiert nicht...
Gruß Balim

schrauber 07.04.2015 17:27
Dann mach das was in der Fehlermeldung steht, und pack die fixlist zu FRST, also in den Downloadordner :)

Balim 08.04.2015 23:54
Hallo Schrauber,
wenn ich combofix/uninstall eingebe, kommt eine Fehlermeldung..combofix st nicht im verzeichnis

Ich weiß leider nicht, was jetzt wieder hier falsch war?

schrauber 09.04.2015 17:38
Liegt Combofix auf dem Desktop? Leerzeichen vor /Uninstall vergessen?

Balim 09.04.2015 23:23
Nein combofix ist weg...??

schrauber 10.04.2015 15:31
Dann mach gleich mit Delfix weiter :)

Balim 11.04.2015 00:27
Hallo Schrauber, ich dachte jetzt bin ich das Übel los...aber leider nein :-(
Hab gerade ein Ebook, was ich per email erhalten habe öffnen wollen und habe zu meinem Übel feststellen müssen...es kommt immer noch die Meldung, Datei öffnen mit Bobrowser HTML....bin wirklich ratlos...hab ich was falsch gemacht?
gruß Balim

schrauber 11.04.2015 10:44
Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :regfind
    BoBrowser
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Balim 12.04.2015 22:38
SystemLook 30.07.11 by jpshortstuff
Log created at 23:35 on 12/04/2015 by Ergan
Administrator - Elevation successful

========== regfind ==========

Searching for "BoBrowser"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe]
@="C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe]
"Path"="C:\Users\Ergan\AppData\Local\BoBrowser\Application"
[HKEY_CURRENT_USER\Software\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY]
@="BoBrowser HTML Document"
[HKEY_CURRENT_USER\Software\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\DefaultIcon]
@="C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe,0"
[HKEY_CURRENT_USER\Software\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\shell\open\command]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\LocalServer32]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\LocalServer32]
"ServerExecutable"="C:\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY]
@="BoBrowser HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\DefaultIcon]
@="C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\shell\open\command]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BoBrowser.YDTLTGDWIILLI2BHTG3ZXCDJRY"="Software\Clients\StartMenuInternet\BoBrowser.YDTLTGDWIILLI2BHTG3ZXCDJRY\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"BoBrowser.YDTLTGDWIILLI2BHTG3ZXCDJRY"="Software\Clients\StartMenuInternet\BoBrowser.YDTLTGDWIILLI2BHTG3ZXCDJRY\Capabilities"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D710FAF-551E-4FDB-B686-B231E67F871B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe|Name =Chromium (mDNS-In)|Desc=Eingangsregel für die Zulassung von mDNS-Verkehr in Chromium|EmbedCtxt=BoBrowser|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D710FAF-551E-4FDB-B686-B231E67F871B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe|Name =Chromium (mDNS-In)|Desc=Eingangsregel für die Zulassung von mDNS-Verkehr in Chromium|EmbedCtxt=BoBrowser|"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe]
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe]
@="C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe]
"Path"="C:\Users\Ergan\AppData\Local\BoBrowser\Application"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY]
@="BoBrowser HTML Document"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\DefaultIcon]
@="C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe,0"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\shell\open\command]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Classes\Wow6432Node\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\LocalServer32]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe""
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000\Software\Classes\Wow6432Node\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\LocalServer32]
"ServerExecutable"="C:\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000_Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY]
@="BoBrowser HTML Document"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000_Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\DefaultIcon]
@="C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe,0"
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000_Classes\BoBrowsHTM.YDTLTGDWIILLI2BHTG3ZXCDJRY\shell\open\command]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\bobrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000_Classes\Wow6432Node\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\LocalServer32]
@=""C:\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe""
[HKEY_USERS\S-1-5-21-3219620770-197578698-1071931620-1000_Classes\Wow6432Node\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\LocalServer32]
"ServerExecutable"="C:\Users\Ergan\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe"

-= EOF =-


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:20 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131