
Pests of all kinds and how to fight them: Text link double-marked with popup in browser [Holen Media Player]


01.01.2014, 14:29   #1
Nocture
 



Hello everyone,

I registered today and I have a problem.

In my browser, text keeps showing up double-marked in green. When I click on it, it says "Holen Media Player". It is pretty annoying that a popup like that keeps opening.

01.01.2014, 14:45   #2
aharonov
/// TB trainer
 



Hello,

please run an FRST scan:


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


01.01.2014, 15:11   #3
Nocture
 



FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Vinh (administrator) on VINH-PC on 01-01-2014 15:10:15
Running from C:\Users\Vinh\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Vinh\AppData\Roaming\Spotify\spotify.exe
(Electronic Arts) G:\Program Files (x86)\Origin\Origin.exe
(Valve Corporation) G:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Thermaltake) C:\Program Files (x86)\Thermaltake\Tt eSPORTS BLACK Element\BlackElement.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Logitech Inc.) E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Tt eSPORTS BLACK Element Gaming Mouse] - C:\Program Files (x86)\Thermaltake\Tt eSPORTS BLACK Element\BlackElement.exe [16889640 2010-12-08] (Thermaltake)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Vinh\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-07] (Spotify Ltd)
HKCU\...\Run: [EADM] - G:\Program Files (x86)\Origin\Origin.exe [3551576 2013-11-30] (Electronic Arts)
HKCU\...\Run: [Steam] - G:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vinh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-07] (Spotify Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-22] (Facebook Inc.)
Startup: C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CBC.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Vinh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\Extensions\ich@maltegoetz.de
FF Extension: Websteroids - C:\Users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\Extensions\support@websteroidsapp.com
FF Extension: MEGA - C:\Users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: Adblock Plus - C:\Users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] ()

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [30056 2013-06-19] (Hide My IP)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 Thermnaltake MS2 Filter; C:\Windows\System32\Drivers\MS2Filter.sys [57072 2010-09-23] (Thermaltake)
R3 Thermnaltake MS2 Filter; C:\Windows\SysWow64\Drivers\MS2Filter.sys [31360 2010-09-23] (Thermaltake)
S3 athur; system32\DRIVERS\athurx.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cmuda3; system32\drivers\cmudax3.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 15:10 - 2014-01-01 15:10 - 00014414 _____ C:\Users\Vinh\Downloads\FRST.txt
2014-01-01 15:10 - 2014-01-01 15:10 - 00000000 ____D C:\FRST
2014-01-01 15:09 - 2014-01-01 15:09 - 01931302 _____ (Farbar) C:\Users\Vinh\Downloads\FRST64.exe
2014-01-01 14:44 - 2014-01-01 14:44 - 00000281 _____ C:\Users\Vinh\Desktop\Text Link doppelt markiert mit Popup im Browser [Holen Media Player] - Trojaner-Board.URL
2014-01-01 03:56 - 2014-01-01 03:56 - 02347384 _____ (ESET) C:\Users\Vinh\Downloads\esetsmartinstaller_enu.exe
2014-01-01 03:53 - 2014-01-01 03:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 03:52 - 2014-01-01 03:52 - 01034531 _____ (Thisisu) C:\Users\Vinh\Downloads\JRT.exe
2014-01-01 03:47 - 2014-01-01 03:47 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Malwarebytes
2014-01-01 03:47 - 2014-01-01 03:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 03:46 - 2014-01-01 03:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Vinh\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-01 03:46 - 2014-01-01 03:46 - 00031976 _____ C:\ComboFix.txt
2014-01-01 03:42 - 2014-01-01 03:46 - 00000000 ____D C:\Qoobox
2014-01-01 03:42 - 2014-01-01 03:45 - 00000000 ____D C:\Windows\erdnt
2014-01-01 03:42 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-01 03:42 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-01 03:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-01 03:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-01 03:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-01 03:42 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-01 03:42 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-01 03:42 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-01 03:40 - 2014-01-01 03:41 - 05160176 ____R (Swearware) C:\Users\Vinh\Downloads\ComboFix.exe
2014-01-01 03:36 - 2014-01-01 03:39 - 00000000 ____D C:\AdwCleaner
2014-01-01 03:36 - 2014-01-01 03:36 - 01233962 _____ C:\Users\Vinh\Downloads\adwcleaner_3.016.exe
2014-01-01 02:57 - 2014-01-01 02:57 - 00005340 _____ C:\Users\Vinh\Downloads\biBa-CSGO-gaming-config-November-2013.rar
2014-01-01 02:54 - 2014-01-01 02:54 - 00004562 _____ C:\Users\Vinh\Downloads\CS_GO gaming config by biBa.rar
2014-01-01 00:14 - 2014-01-01 00:14 - 00000272 _____ C:\Users\Vinh\Desktop\Eloboosting CHEAP And Fast.URL
2013-12-31 21:02 - 2013-12-31 21:02 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-31 21:01 - 2013-12-31 21:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-31 21:01 - 2013-12-31 21:02 - 00000000 ____D C:\Program Files\iTunes
2013-12-31 21:01 - 2013-12-31 21:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-31 21:01 - 2013-12-31 21:01 - 00000000 ____D C:\Program Files\iPod
2013-12-31 17:17 - 2013-12-31 17:17 - 00000264 _____ C:\Users\Vinh\Desktop\Elo Boost for free.URL
2013-12-31 14:04 - 2013-12-31 14:04 - 00032816 _____ C:\Users\Vinh\Desktop\Unbenannt-1.psd
2013-12-31 12:43 - 2014-01-01 13:31 - 00001008 _____ C:\Windows\setupact.log
2013-12-31 12:43 - 2014-01-01 03:51 - 00010470 _____ C:\Windows\PFRO.log
2013-12-31 12:43 - 2013-12-31 12:43 - 00000000 _____ C:\Windows\setuperr.log
2013-12-31 00:52 - 2013-12-31 00:52 - 00000223 _____ C:\Users\Vinh\Desktop\LiveZilla Installation Part1 - YouTube.URL
2013-12-29 17:24 - 2013-11-23 20:26 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 12613920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-29 17:24 - 2013-11-23 20:26 - 11566648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 11441664 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 09663656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433193.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433193.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-29 17:24 - 2013-11-23 20:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-29 17:17 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-29 17:17 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-29 17:14 - 2013-12-29 17:14 - 00000000 ____D C:\Users\Vinh\AppData\Local\PAYDAY
2013-12-29 16:07 - 2013-12-29 16:07 - 00000221 _____ C:\Users\Vinh\Desktop\PAYDAY The Heist.url
2013-12-27 23:48 - 2013-12-27 23:48 - 00000219 _____ C:\Users\Vinh\Desktop\Counter-Strike Global Offensive.url
2013-12-27 21:06 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Vinh\Documents\Games for Windows - LIVE Demos
2013-12-27 21:04 - 2013-12-27 21:04 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-12-27 21:04 - 2013-12-27 21:04 - 00000000 ____D C:\Users\Vinh\AppData\Local\NBGI
2013-12-27 21:04 - 2013-12-27 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-12-26 23:23 - 2013-12-26 23:23 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Ashampoo
2013-12-26 23:23 - 2013-12-26 23:23 - 00000000 ____D C:\Users\Vinh\AppData\Local\ashampoo
2013-12-26 23:23 - 2013-12-26 23:23 - 00000000 ____D C:\ProgramData\Ashampoo
2013-12-26 23:22 - 2014-01-01 03:51 - 00000000 ____D C:\ProgramData\Updater
2013-12-26 23:22 - 2014-01-01 03:51 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-25 16:55 - 2013-12-25 16:55 - 00000000 ____D C:\Program Files (x86)\avmwlanstick
2013-12-24 18:04 - 2013-12-24 18:04 - 00000000 ____D C:\Users\Vinh\Documents\Shadow Warrior
2013-12-24 16:51 - 2007-01-19 18:24 - 00025312 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2013-12-24 14:44 - 2013-12-24 14:44 - 00000222 _____ C:\Users\Vinh\Desktop\Shadow Warrior.url
2013-12-24 03:44 - 2013-12-24 03:48 - 00000000 ____D C:\Users\Vinh\Documents\onlineTV 8
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\Documents\Podcast Studio
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRANZIS
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\concept design
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Program Files (x86)\FRANZIS
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Program Files (x86)\concept design
2013-12-24 03:44 - 2012-03-01 11:08 - 00966144 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioInformation2.dll
2013-12-24 03:44 - 2012-03-01 11:08 - 00877568 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\NCTAudioFile2.dll
2013-12-24 03:44 - 2012-03-01 11:08 - 00634880 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioEditor2.dll
2013-12-24 03:44 - 2012-03-01 11:08 - 00522752 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioTransform2.dll
2013-12-24 03:44 - 2012-03-01 11:08 - 00467968 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioRecord2.dll
2013-12-24 03:44 - 2012-03-01 11:08 - 00467456 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioPlayer2.dll
2013-12-24 03:44 - 2012-02-11 21:07 - 00413696 _____ (Gabest) C:\Windows\SysWOW64\flvsplitter.ax
2013-12-24 03:44 - 2011-03-29 12:52 - 00962560 _____ (East Wind Software) C:\Windows\SysWOW64\advdaudio.ocx
2013-12-24 03:44 - 2011-03-29 12:52 - 00110080 _____ C:\Windows\SysWOW64\advd.dll
2013-12-24 03:44 - 2011-03-29 12:52 - 00023040 _____ C:\Windows\SysWOW64\auth.dll
2013-12-24 03:44 - 2003-08-07 14:01 - 00237568 _____ C:\Windows\SysWOW64\lame_enc.dll
2013-12-24 00:08 - 2014-01-01 02:05 - 00000000 ____D C:\Users\Vinh\AppData\Local\DayZ
2013-12-24 00:08 - 2013-12-24 00:08 - 00000000 ____D C:\Users\Vinh\Documents\DayZ
2013-12-23 18:20 - 2013-12-23 18:20 - 00000222 _____ C:\Users\Vinh\Desktop\DayZ.url
2013-12-23 02:16 - 2013-12-23 02:18 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Audacity
2013-12-23 02:16 - 2013-12-23 02:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-12-22 23:21 - 2014-01-01 14:26 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA.job
2013-12-22 23:21 - 2013-12-31 23:26 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core.job
2013-12-22 23:21 - 2013-12-22 23:21 - 00003898 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA
2013-12-22 23:21 - 2013-12-22 23:21 - 00003530 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core
2013-12-22 23:21 - 2013-12-22 23:21 - 00000000 ____D C:\Users\Vinh\AppData\Local\Facebook
2013-12-22 18:47 - 2013-12-22 18:47 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2013-12-22 18:47 - 2013-12-22 18:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-22 18:47 - 2013-12-22 18:47 - 00000000 ____D C:\Program Files\Realtek
2013-12-22 18:14 - 2013-12-22 18:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-22 18:14 - 2013-11-05 19:47 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-22 18:14 - 2013-11-05 18:54 - 38385664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-12-22 18:14 - 2013-11-05 15:48 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-22 18:14 - 2013-11-04 19:26 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-22 18:14 - 2013-11-04 11:11 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-22 18:14 - 2013-10-30 16:31 - 00929080 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2013-12-22 18:14 - 2013-10-28 17:29 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-22 18:14 - 2013-10-25 10:49 - 05751576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2013-12-22 18:14 - 2013-10-18 16:41 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-22 18:14 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-22 18:14 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-22 18:14 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-12-22 18:14 - 2013-10-09 20:13 - 01921792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-12-22 18:14 - 2013-10-09 20:13 - 01345280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2013-12-22 18:14 - 2013-10-09 20:13 - 01286400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2013-12-22 18:14 - 2013-10-09 20:12 - 27644160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2013-12-22 18:14 - 2013-10-09 20:12 - 14152960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-12-22 18:14 - 2013-10-09 20:12 - 03714304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2013-12-22 18:14 - 2013-10-09 20:12 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-12-22 18:14 - 2013-10-09 20:12 - 02036992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-12-22 18:14 - 2013-10-09 20:12 - 01012992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-12-22 18:14 - 2013-10-07 11:05 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-22 18:14 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-12-22 18:14 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-12-22 18:14 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-12-22 18:14 - 2013-10-02 17:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-22 18:14 - 2013-09-13 18:44 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-12-22 18:14 - 2013-09-10 04:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2013-12-22 18:14 - 2013-09-10 04:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2013-12-22 18:14 - 2013-09-10 04:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2013-12-22 18:14 - 2013-09-10 04:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2013-12-22 18:14 - 2013-09-09 15:32 - 05681192 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-12-22 18:14 - 2013-08-24 03:14 - 01014016 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2013-12-22 18:14 - 2013-08-24 03:14 - 00897792 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2013-12-22 18:14 - 2013-08-24 03:14 - 00722688 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2013-12-22 18:14 - 2013-08-24 03:14 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2013-12-22 18:14 - 2013-08-20 17:37 - 00605496 _____ C:\Windows\system32\audioLibVc.dll
2013-12-22 18:14 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-12-22 18:14 - 2013-08-14 16:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2013-12-22 18:14 - 2013-08-14 16:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2013-12-22 18:14 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-12-22 18:14 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-22 18:14 - 2013-07-23 15:39 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2013-12-22 18:14 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2013-12-22 18:14 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2013-12-22 18:14 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2013-12-22 18:14 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2013-12-22 18:14 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-22 18:14 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-12-22 18:14 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-12-22 18:14 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-12-22 18:14 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-12-22 18:14 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-12-22 18:14 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-12-22 18:14 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-22 18:14 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-12-22 18:14 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-12-22 18:14 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-22 18:14 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-22 18:14 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-12-22 18:14 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-12-22 18:14 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2013-12-22 18:14 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-12-22 18:14 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-12-22 18:14 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-12-22 18:14 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-12-22 18:14 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-22 18:14 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-22 18:14 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-22 18:14 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-22 18:14 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-22 18:14 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-22 18:14 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-22 18:14 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-12-22 18:14 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-12-22 18:14 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-12-22 18:14 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-12-22 18:14 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-12-22 18:14 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-12-20 10:56 - 2013-12-20 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 22:45 - 2013-12-18 14:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\.minecraft
2013-12-15 15:09 - 2013-12-15 15:12 - 00003028 _____ C:\Windows\System32\Tasks\AnVir Task Manager
2013-12-15 15:09 - 2013-12-15 15:10 - 00000000 ____D C:\Users\Vinh\AppData\Local\AnVir
2013-12-15 15:09 - 2013-12-15 15:09 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\ChemTable Software
2013-12-15 15:09 - 2013-12-15 15:09 - 00000000 ____D C:\Users\Vinh\AppData\Local\ChemTable Software
2013-12-14 20:54 - 2013-12-14 20:54 - 00000000 ____D C:\Users\Vinh\AppData\Local\Blizzard
2013-12-14 19:08 - 2013-12-28 03:25 - 00000000 ____D C:\Users\Vinh\AppData\Local\Battle.net
2013-12-14 19:08 - 2013-12-14 19:10 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Battle.net
2013-12-14 19:08 - 2013-12-14 19:08 - 00000000 ____D C:\Users\Vinh\AppData\Local\Blizzard Entertainment
2013-12-14 19:07 - 2013-12-14 19:08 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-12-14 19:06 - 2013-12-14 19:06 - 00000000 ____D C:\ProgramData\Battle.net
2013-12-12 08:31 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:31 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 08:31 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 08:31 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 08:30 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 08:30 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 08:30 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 08:30 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 08:30 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 08:30 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 08:30 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 08:30 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 08:30 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 08:30 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 08:30 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 08:30 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 08:30 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 08:30 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 08:30 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 08:30 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 08:30 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 08:30 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 08:30 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 08:30 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 08:30 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 08:30 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:30 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 08:30 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 08:30 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 08:30 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 08:30 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 08:30 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 08:30 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 08:30 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 08:30 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 08:21 - 2013-12-12 08:21 - 00000000 ____D C:\Users\Vinh\Documents\Aiseesoft Studio
2013-12-12 08:21 - 2013-12-12 08:21 - 00000000 ____D C:\Users\Vinh\AppData\Local\Aiseesoft Studio
2013-12-12 08:21 - 2013-12-12 08:21 - 00000000 ____D C:\ProgramData\Aiseesoft Studio
2013-12-12 07:52 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 07:52 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 07:52 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 07:52 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 07:52 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 07:52 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 07:52 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 07:52 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 07:52 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 07:52 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 07:52 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 07:52 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 07:52 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 07:52 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 07:52 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 07:52 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 07:52 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 07:52 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 07:52 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 17:21 - 2013-12-17 21:06 - 00010965 _____ C:\Users\Vinh\Desktop\Deckblatt.odt
2013-12-11 14:51 - 2013-12-11 14:51 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\LibreOffice
2013-12-11 14:50 - 2013-12-11 14:51 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-12-11 14:42 - 2013-12-11 14:42 - 00000000 ____D C:\ProgramData\Overwolf
2013-12-10 16:19 - 2013-12-10 16:19 - 00000000 ____D C:\Users\Vinh\AppData\Local\Logitech® Webcam-Software
2013-12-10 16:17 - 2013-12-10 16:17 - 00000000 ____D C:\ProgramData\LogiShrd
2013-12-10 16:16 - 2013-12-10 16:16 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Leadertech
2013-12-10 08:37 - 2013-12-10 08:37 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\SmartTools
2013-12-08 17:25 - 2013-12-15 15:23 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2013-12-08 17:25 - 2013-12-09 07:10 - 00000000 ____D C:\Users\Vinh\Documents\LOLReplay

==================== One Month Modified Files and Folders =======

2014-01-01 15:10 - 2014-01-01 15:10 - 00014414 _____ C:\Users\Vinh\Downloads\FRST.txt
2014-01-01 15:10 - 2014-01-01 15:10 - 00000000 ____D C:\FRST
2014-01-01 15:09 - 2014-01-01 15:09 - 01931302 _____ (Farbar) C:\Users\Vinh\Downloads\FRST64.exe
2014-01-01 14:57 - 2013-10-26 19:33 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Skype
2014-01-01 14:56 - 2013-10-26 19:45 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Spotify
2014-01-01 14:44 - 2014-01-01 14:44 - 00000281 _____ C:\Users\Vinh\Desktop\Text Link doppelt markiert mit Popup im Browser [Holen Media Player] - Trojaner-Board.URL
2014-01-01 14:26 - 2013-12-22 23:21 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA.job
2014-01-01 14:17 - 2013-10-26 19:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 13:38 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 13:38 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 13:36 - 2013-10-26 19:26 - 00694460 _____ C:\Windows\system32\perfh007.dat
2014-01-01 13:36 - 2013-10-26 19:26 - 00147584 _____ C:\Windows\system32\perfc007.dat
2014-01-01 13:36 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 13:34 - 2013-10-26 17:30 - 01666819 _____ C:\Windows\WindowsUpdate.log
2014-01-01 13:31 - 2013-12-31 12:43 - 00001008 _____ C:\Windows\setupact.log
2014-01-01 13:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 13:30 - 2013-10-26 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 03:56 - 2014-01-01 03:56 - 02347384 _____ (ESET) C:\Users\Vinh\Downloads\esetsmartinstaller_enu.exe
2014-01-01 03:53 - 2014-01-01 03:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 03:52 - 2014-01-01 03:52 - 01034531 _____ (Thisisu) C:\Users\Vinh\Downloads\JRT.exe
2014-01-01 03:51 - 2013-12-31 12:43 - 00010470 _____ C:\Windows\PFRO.log
2014-01-01 03:51 - 2013-12-26 23:22 - 00000000 ____D C:\ProgramData\Updater
2014-01-01 03:51 - 2013-12-26 23:22 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-01 03:47 - 2014-01-01 03:47 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Malwarebytes
2014-01-01 03:47 - 2014-01-01 03:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 03:47 - 2014-01-01 03:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Vinh\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-01 03:46 - 2014-01-01 03:46 - 00031976 _____ C:\ComboFix.txt
2014-01-01 03:46 - 2014-01-01 03:42 - 00000000 ____D C:\Qoobox
2014-01-01 03:46 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-01 03:45 - 2014-01-01 03:42 - 00000000 ____D C:\Windows\erdnt
2014-01-01 03:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-01 03:41 - 2014-01-01 03:40 - 05160176 ____R (Swearware) C:\Users\Vinh\Downloads\ComboFix.exe
2014-01-01 03:39 - 2014-01-01 03:36 - 00000000 ____D C:\AdwCleaner
2014-01-01 03:36 - 2014-01-01 03:36 - 01233962 _____ C:\Users\Vinh\Downloads\adwcleaner_3.016.exe
2014-01-01 02:57 - 2014-01-01 02:57 - 00005340 _____ C:\Users\Vinh\Downloads\biBa-CSGO-gaming-config-November-2013.rar
2014-01-01 02:54 - 2014-01-01 02:54 - 00004562 _____ C:\Users\Vinh\Downloads\CS_GO gaming config by biBa.rar
2014-01-01 02:05 - 2013-12-24 00:08 - 00000000 ____D C:\Users\Vinh\AppData\Local\DayZ
2014-01-01 02:00 - 2013-10-26 19:48 - 00000000 ____D C:\Users\Vinh\AppData\Local\Adobe
2014-01-01 01:15 - 2013-10-26 23:05 - 00000132 _____ C:\Users\Vinh\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-01-01 00:14 - 2014-01-01 00:14 - 00000272 _____ C:\Users\Vinh\Desktop\Eloboosting CHEAP And Fast.URL
2013-12-31 23:26 - 2013-12-22 23:21 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core.job
2013-12-31 21:02 - 2013-12-31 21:02 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-31 21:02 - 2013-12-31 21:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-31 21:02 - 2013-12-31 21:01 - 00000000 ____D C:\Program Files\iTunes
2013-12-31 21:02 - 2013-12-31 21:01 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-31 21:01 - 2013-12-31 21:01 - 00000000 ____D C:\Program Files\iPod
2013-12-31 17:17 - 2013-12-31 17:17 - 00000264 _____ C:\Users\Vinh\Desktop\Elo Boost for free.URL
2013-12-31 15:41 - 2013-11-20 15:41 - 00003648 _____ C:\Windows\System32\Tasks\Red Giant Link
2013-12-31 14:04 - 2013-12-31 14:04 - 00032816 _____ C:\Users\Vinh\Desktop\Unbenannt-1.psd
2013-12-31 12:43 - 2013-12-31 12:43 - 00000000 _____ C:\Windows\setuperr.log
2013-12-31 00:52 - 2013-12-31 00:52 - 00000223 _____ C:\Users\Vinh\Desktop\LiveZilla Installation Part1 - YouTube.URL
2013-12-30 22:32 - 2013-11-25 20:59 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\TS3Client
2013-12-30 22:32 - 2013-11-08 21:55 - 00000000 ____D C:\Users\Vinh\AppData\Local\CrashDumps
2013-12-30 22:28 - 2013-10-30 14:57 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2013-12-30 11:40 - 2013-10-26 19:45 - 00000000 ____D C:\Users\Vinh\AppData\Local\Spotify
2013-12-29 17:25 - 2013-10-26 19:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-29 17:17 - 2013-11-10 20:47 - 00000000 ____D C:\Users\Vinh\AppData\Local\NVIDIA Corporation
2013-12-29 17:17 - 2013-10-28 19:23 - 00000000 ____D C:\Users\Vinh\AppData\Local\NVIDIA
2013-12-29 17:17 - 2013-10-26 19:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-29 17:17 - 2013-10-26 19:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-29 17:14 - 2013-12-29 17:14 - 00000000 ____D C:\Users\Vinh\AppData\Local\PAYDAY
2013-12-29 16:07 - 2013-12-29 16:07 - 00000221 _____ C:\Users\Vinh\Desktop\PAYDAY The Heist.url
2013-12-29 16:07 - 2013-11-05 22:25 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-28 03:25 - 2013-12-14 19:08 - 00000000 ____D C:\Users\Vinh\AppData\Local\Battle.net
2013-12-27 23:48 - 2013-12-27 23:48 - 00000219 _____ C:\Users\Vinh\Desktop\Counter-Strike Global Offensive.url
2013-12-27 21:06 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Vinh\Documents\Games for Windows - LIVE Demos
2013-12-27 21:04 - 2013-12-27 21:04 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-12-27 21:04 - 2013-12-27 21:04 - 00000000 ____D C:\Users\Vinh\AppData\Local\NBGI
2013-12-27 21:04 - 2013-12-27 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-12-27 21:04 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-26 23:23 - 2013-12-26 23:23 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Ashampoo
2013-12-26 23:23 - 2013-12-26 23:23 - 00000000 ____D C:\Users\Vinh\AppData\Local\ashampoo
2013-12-26 23:23 - 2013-12-26 23:23 - 00000000 ____D C:\ProgramData\Ashampoo
2013-12-25 16:55 - 2013-12-25 16:55 - 00000000 ____D C:\Program Files (x86)\avmwlanstick
2013-12-24 18:04 - 2013-12-24 18:04 - 00000000 ____D C:\Users\Vinh\Documents\Shadow Warrior
2013-12-24 16:51 - 2013-10-26 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-24 14:44 - 2013-12-24 14:44 - 00000222 _____ C:\Users\Vinh\Desktop\Shadow Warrior.url
2013-12-24 03:48 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\Documents\onlineTV 8
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\Documents\Podcast Studio
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRANZIS
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\concept design
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Program Files (x86)\FRANZIS
2013-12-24 03:44 - 2013-12-24 03:44 - 00000000 ____D C:\Program Files (x86)\concept design
2013-12-24 00:08 - 2013-12-24 00:08 - 00000000 ____D C:\Users\Vinh\Documents\DayZ
2013-12-23 18:20 - 2013-12-23 18:20 - 00000222 _____ C:\Users\Vinh\Desktop\DayZ.url
2013-12-23 02:18 - 2013-12-23 02:16 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Audacity
2013-12-23 02:16 - 2013-12-23 02:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-12-22 23:21 - 2013-12-22 23:21 - 00003898 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA
2013-12-22 23:21 - 2013-12-22 23:21 - 00003530 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core
2013-12-22 23:21 - 2013-12-22 23:21 - 00000000 ____D C:\Users\Vinh\AppData\Local\Facebook
2013-12-22 18:47 - 2013-12-22 18:47 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2013-12-22 18:47 - 2013-12-22 18:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-22 18:47 - 2013-12-22 18:47 - 00000000 ____D C:\Program Files\Realtek
2013-12-22 18:14 - 2013-12-22 18:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-22 18:06 - 2013-10-26 19:36 - 00000138 _____ C:\Windows\system\Dlap.pfx
2013-12-22 18:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2013-12-21 15:53 - 2013-10-26 19:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-21 15:52 - 2013-10-26 19:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 15:52 - 2013-10-26 19:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 10:24 - 2013-10-26 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 10:56 - 2013-12-20 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 21:40 - 2013-11-07 12:10 - 00005120 _____ C:\Users\Vinh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-18 20:05 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-18 14:44 - 2013-12-17 22:45 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\.minecraft
2013-12-17 21:06 - 2013-12-11 17:21 - 00010965 _____ C:\Users\Vinh\Desktop\Deckblatt.odt
2013-12-17 16:09 - 2013-10-30 15:53 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\uTorrent
2013-12-16 07:11 - 2013-10-26 17:30 - 00000000 ___RD C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-16 07:11 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 07:11 - 2009-07-14 05:45 - 05932704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 20:55 - 2013-10-26 19:58 - 00258032 _____ C:\Users\Vinh\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-15 15:23 - 2013-12-08 17:25 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2013-12-15 15:12 - 2013-12-15 15:09 - 00003028 _____ C:\Windows\System32\Tasks\AnVir Task Manager
2013-12-15 15:10 - 2013-12-15 15:09 - 00000000 ____D C:\Users\Vinh\AppData\Local\AnVir
2013-12-15 15:09 - 2013-12-15 15:09 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\ChemTable Software
2013-12-15 15:09 - 2013-12-15 15:09 - 00000000 ____D C:\Users\Vinh\AppData\Local\ChemTable Software
2013-12-15 11:11 - 2013-11-25 20:58 - 00000000 ____D C:\Users\Vinh\AppData\Local\Overwolf
2013-12-15 01:49 - 2013-10-26 18:01 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 01:48 - 2013-10-26 18:01 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 20:54 - 2013-12-14 20:54 - 00000000 ____D C:\Users\Vinh\AppData\Local\Blizzard
2013-12-14 19:10 - 2013-12-14 19:08 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Battle.net
2013-12-14 19:08 - 2013-12-14 19:08 - 00000000 ____D C:\Users\Vinh\AppData\Local\Blizzard Entertainment
2013-12-14 19:08 - 2013-12-14 19:07 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-12-14 19:06 - 2013-12-14 19:06 - 00000000 ____D C:\ProgramData\Battle.net
2013-12-12 16:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 08:21 - 2013-12-12 08:21 - 00000000 ____D C:\Users\Vinh\Documents\Aiseesoft Studio
2013-12-12 08:21 - 2013-12-12 08:21 - 00000000 ____D C:\Users\Vinh\AppData\Local\Aiseesoft Studio
2013-12-12 08:21 - 2013-12-12 08:21 - 00000000 ____D C:\ProgramData\Aiseesoft Studio
2013-12-11 14:51 - 2013-12-11 14:51 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\LibreOffice
2013-12-11 14:51 - 2013-12-11 14:50 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-12-11 14:42 - 2013-12-11 14:42 - 00000000 ____D C:\ProgramData\Overwolf
2013-12-10 16:19 - 2013-12-10 16:19 - 00000000 ____D C:\Users\Vinh\AppData\Local\Logitech® Webcam-Software
2013-12-10 16:17 - 2013-12-10 16:17 - 00000000 ____D C:\ProgramData\LogiShrd
2013-12-10 16:16 - 2013-12-10 16:16 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Leadertech
2013-12-10 16:16 - 2013-10-26 18:16 - 00011404 _____ C:\Windows\system32\lvcoinst.log
2013-12-10 16:16 - 2013-10-26 18:16 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-12-10 08:37 - 2013-12-10 08:37 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\SmartTools
2013-12-10 03:13 - 2013-10-30 15:27 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-10 03:13 - 2013-10-30 15:27 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-09 07:10 - 2013-12-08 17:25 - 00000000 ____D C:\Users\Vinh\Documents\LOLReplay
2013-12-05 23:15 - 2013-10-29 15:15 - 00000000 ____D C:\Users\Vinh\AppData\Roaming\Origin
2013-12-05 23:15 - 2013-10-29 15:13 - 00000000 ____D C:\ProgramData\Origin
2013-12-05 22:50 - 2013-11-19 18:31 - 00001456 _____ C:\Users\Vinh\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-05 16:36 - 2013-12-01 15:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-05 09:42 - 2013-12-29 17:17 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-29 17:17 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 09:42 - 2013-10-26 19:18 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-04 11:42 - 2013-10-26 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-04 11:42 - 2013-10-26 19:33 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-10-26 20:15] - [2011-07-05 03:06] - 2249216 ____A (Microsoft Corporation) BA0F79A2E512B3332D83E6DECAEC3AC2

C:\Windows\SysWOW64\explorer.exe
[2013-10-26 17:46] - [2011-02-25 06:30] - 2476544 ____A (Microsoft Corporation) 7038BEFB1444CF742784E07A78C7577B

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 20:05

==================== End Of Log ============================
         
--- --- ---



Addition:
[spoiler]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Vinh at 2014-01-01 15:10:33
Running from C:\Users\Vinh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe After Effects CC (x32 Version: 12.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (x32 Version: 2.2.1.260 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Aiseesoft Total Video Converter Platinum 7.1.10 (x32 Version: 7.1.10 - Aiseesoft Studio)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)
Audiosurf (x32 Version: - Dylan Fitterer)
AVM FRITZ!WLAN (x32 Version: - AVM Berlin)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Ghosts - Multiplayer (x32 Version: - )
Call of Duty: Ghosts (x32 Version: - Infinity Ward)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech)
Camtasia Studio 8 (x32 Version: 8.1.2.1344 - TechSmith Corporation)
CCleaner (Version: 4.07 - Piriform)
Color Suite v11.0.1 (x32 Version: 11.0.1 - Red Giant, LLC)
concept/design Video Jukebox (x32 Version: 1.3.0.0 - concept/design GmbH)
Counter-Strike: Global Offensive (x32 Version: - Valve)
CustoPackTools (Version: - neOceane)
Dark Souls: Prepare to Die Edition (x32 Version: - FromSoftware)
DayZ (x32 Version: - Bohemia Interactive)
Dxtory 2.0.104 (x32 Version: 2.0.104 - Dxtory Software)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
FRANZIS onlineTV 8 (x32 Version: 8.5.0.10 - FRANZIS Verlag GmbH)
Fraps (remove only) (x32 Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Lagarith Lossless Codec (1.3.27) (x32 Version: - )
League of Legends (x32 Version: 3.0.1 - Riot Games )
LibreOffice 4.1.3.2 (x32 Version: 4.1.3.2 - The Document Foundation)
Logitech Webcam-Software (x32 Version: 2.51 - Logitech Inc.)
LOLReplay (x32 Version: 0.8.5.2 - League Replays | Home)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech)
LWS Gallery (x32 Version: 13.51.827.0 - Logitech)
LWS Help_main (x32 Version: 13.51.828.0 - Logitech)
LWS Launcher (x32 Version: 13.51.828.0 - Logitech)
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech)
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech)
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech)
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech)
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech)
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.)
NVIDIA 3D Vision Controller-Treiber 331.93 (Version: 331.93 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.93 (Version: 331.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.93 (Version: 331.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation)
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation)
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3193 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.93 (Version: 331.93 - NVIDIA Corporation)
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (x32 Version: - )
Origin (x32 Version: 9.3.10.4710 - Electronic Arts, Inc.)
PAYDAY: The Heist (x32 Version: - OVERKILL Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
RealFlow Plug-in for Cinema4D (x32 Version: 1.0 - Next Limit)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Red Giant Link (x32 Version: 1.7.19.0 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (x32 Version: - )
Shadow Warrior (x32 Version: - Flying Wild Hog)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
Tt eSPORTS BLACK Element (x32 Version: 0.0.1 - Thermaltake)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Vegas Pro 12.0 (64-bit) (Version: 12.0.726 - Sony)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

01-01-2014 02:42:33 ComboFix created restore point

==================== Hosts content: ==========================

2013-11-07 12:07 - 2014-01-01 03:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {033CFE13-9E99-4377-872A-31C83F3BBDCE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {0FB3E9F3-BB0B-4BB3-A2FC-E9F042973A47} - System32\Tasks\AnVir Task Manager => E:\Program Files (x86)\AnVir Task Manager2\anvir.exe
Task: {2E980556-7AF3-4E19-B86B-4BFD953B6FF5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA => C:\Users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-22] (Facebook Inc.)
Task: {4F638F2F-3DE8-4609-986B-CDC7318D297C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core => C:\Users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-22] (Facebook Inc.)
Task: {A4AEB433-4441-46D7-BF7D-76DBEF0DA277} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2013-10-10] ()
Task: {B6AD42C2-32F0-46F4-BC48-8D764376A67E} - System32\Tasks\AdobeAAMUpdater-1.0-Vinh-PC-Vinh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {CAFE8048-929E-4755-865F-E20ECD41C4EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1A792B1-99E9-41A1-BC7E-DE51B5A091AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core.job => C:\Users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA.job => C:\Users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-26 19:45 - 2013-12-07 11:17 - 36967424 _____ () C:\Users\Vinh\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-29 15:15 - 2013-11-30 09:39 - 00064000 _____ () G:\Program Files (x86)\Origin\tufao.dll
2013-10-24 09:45 - 2013-11-06 22:48 - 00691200 _____ () G:\Program Files (x86)\Steam\SDL2.dll
2013-10-30 11:25 - 2013-12-11 20:40 - 01135016 _____ () G:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 12:07 - 2013-11-06 22:48 - 20625832 _____ () G:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () G:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () G:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () G:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-26 19:39 - 2010-11-18 08:16 - 00747304 _____ () C:\Program Files (x86)\Thermaltake\Tt eSPORTS BLACK Element\Ms2Osd.dll
2013-10-17 16:45 - 2013-10-17 16:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () E:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () E:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () E:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () E:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () E:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-03-13 12:42 - 2013-06-05 13:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-10-26 19:45 - 2013-12-07 11:17 - 00887808 _____ () C:\Users\Vinh\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-26 19:45 - 2013-12-07 11:17 - 00109568 _____ () C:\Users\Vinh\AppData\Roaming\Spotify\Data\libegl.dll
2013-12-20 10:56 - 2013-12-20 10:56 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 21:17 - 2013-12-11 21:17 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2014 01:31:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:52:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:51:56 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 1.0.0.127.in-addr.arpa. PTR Vinh-PC.local.

Error: (01/01/2014 03:51:56 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 17 1.0.0.127.in-addr.arpa. PTR Vinh-PC-2.local.

Error: (01/01/2014 03:40:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:38:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 02:26:05 AM) (Source: Google Update) (User: Vinh-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (12/31/2013 01:09:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 00:43:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2013 10:28:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006dd76
ID des fehlerhaften Prozesses: 0x3e24
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3


System errors:
=============
Error: (01/01/2014 01:31:19 PM) (Source: NetBT) (User: )
Description: Der Name "VINH-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.104
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/01/2014 01:31:18 PM) (Source: NetBT) (User: )
Description: Der Name "VINH-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.104
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/01/2014 01:31:18 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{76E5871D-4018-444A-B6F4-C7F5F988B2F9} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (01/01/2014 03:45:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/01/2014 03:45:10 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/01/2014 03:43:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/01/2014 03:42:14 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/01/2014 03:42:14 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Internet Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/01/2014 02:57:33 AM) (Source: NetBT) (User: )
Description: Der Name "VINH-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/01/2014 02:56:58 AM) (Source: NetBT) (User: )
Description: Der Name "VINH-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (01/01/2014 01:31:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:52:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:51:56 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 1.0.0.127.in-addr.arpa. PTR Vinh-PC.local.

Error: (01/01/2014 03:51:56 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 17 1.0.0.127.in-addr.arpa. PTR Vinh-PC-2.local.

Error: (01/01/2014 03:40:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:38:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 02:26:05 AM) (Source: Google Update)(User: Vinh-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (12/31/2013 01:09:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 00:43:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2013 10:28:49 PM) (Source: Application Error)(User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd763e2401cf058e0ec97a39G:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\LolClient.exeG:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll5ef06f27-7199-11e3-aad5-bc0543003168


CodeIntegrity Errors:
===================================
Date: 2014-01-01 03:45:10.578
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-01-01 03:45:10.558
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8087.62 MB
Available physical RAM: 5461.92 MB
Total Pagefile: 16173.41 MB
Available Pagefile: 13375.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:59.53 GB) (Free:10.03 GB) NTFS
Drive e: (Sachen) (Fixed) (Total:931.51 GB) (Free:922.91 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:931.51 GB) (Free:839.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0663C8D4)
Partition 1: (Not Active) - (Size=1008 KB) - (Type=42)
Partition 2: (Active) - (Size=932 GB) - (Type=42)
Partition 3: (Not Active) - (Size=1752 KB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 8FC13257)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 802AE9B4)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=932 GB) - (Type=42)
Partition 3: (Not Active) - (Size=2776 KB) - (Type=42)

==================== End Of Log ============================[/spoiler]
__________________

Last edited by Nocture (01.01.2014 at 15:17)

Old 01.01.2014, 15:39   #4
aharonov
/// TB Trainer

Please post all the logs from the tools you have already run.
__________________
cheers,
Leo

Old 01.01.2014, 15:44   #5
Nocture

I have used various tools, including some from this forum, because I googled. Could you tell me the tools again?


Old 01.01.2014, 15:49   #6
aharonov
/// TB Trainer

I can see in the FRST log that you have used Combofix, AdwCleaner, JRT, Malwarebytes Anti-Malware and the ESET Online Scanner. Please post all the logs from these scans.

Old 01.01.2014, 17:53   #7
Nocture

Combofix logfile:
ComboFix 13-12-31.01 - Vinh 01.01.2014  16:41:44.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.8088.6284 [GMT 1:00]
ausgeführt von:: c:\users\Vinh\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-01 bis 2014-01-01  ))))))))))))))))))))))))))))))
.
.
2014-01-01 15:43 . 2014-01-01 15:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-01 14:10 . 2014-01-01 14:10	--------	d-----w-	C:\FRST
2014-01-01 02:53 . 2014-01-01 02:53	--------	d-----w-	c:\windows\ERUNT
2014-01-01 02:51 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC27A7D4-DF24-494C-9DF6-E29B6C6E2366}\mpengine.dll
2014-01-01 02:47 . 2014-01-01 02:47	--------	d-----w-	c:\users\Vinh\AppData\Roaming\Malwarebytes
2014-01-01 02:47 . 2014-01-01 02:47	--------	d-----w-	c:\programdata\Malwarebytes
2014-01-01 02:36 . 2014-01-01 02:39	--------	d-----w-	C:\AdwCleaner
2013-12-31 20:01 . 2013-12-31 20:01	--------	d-----w-	c:\program files\iPod
2013-12-31 20:01 . 2013-12-31 20:02	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-31 20:01 . 2013-12-31 20:02	--------	d-----w-	c:\program files\iTunes
2013-12-31 20:01 . 2013-12-31 20:02	--------	d-----w-	c:\program files (x86)\iTunes
2013-12-30 14:43 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-29 16:17 . 2013-12-05 08:42	39200	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-12-29 16:17 . 2013-12-05 08:42	32544	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-12-29 16:14 . 2013-12-29 16:14	--------	d-----w-	c:\users\Vinh\AppData\Local\PAYDAY
2013-12-27 20:04 . 2013-12-27 20:04	--------	d-----w-	c:\users\Vinh\AppData\Local\NBGI
2013-12-27 20:04 . 2013-12-27 20:04	--------	d-----w-	c:\windows\SysWow64\xlive
2013-12-27 20:04 . 2013-12-27 20:04	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-12-26 22:23 . 2013-12-26 22:23	--------	d-----w-	c:\users\Vinh\AppData\Roaming\Ashampoo
2013-12-26 22:23 . 2013-12-26 22:23	--------	d-----w-	c:\users\Vinh\AppData\Local\ashampoo
2013-12-26 22:23 . 2013-12-26 22:23	--------	d-----w-	c:\programdata\Ashampoo
2013-12-26 22:22 . 2014-01-01 02:51	--------	d-----w-	c:\programdata\Updater
2013-12-26 22:22 . 2014-01-01 02:51	--------	d-----w-	c:\programdata\RHelpers
2013-12-25 15:55 . 2013-12-25 15:55	--------	d-----w-	c:\program files (x86)\avmwlanstick
2013-12-24 15:51 . 2007-01-19 17:24	25312	----a-w-	c:\windows\system32\drivers\SCMNdisP.sys
2013-12-23 23:08 . 2014-01-01 01:05	--------	d-----w-	c:\users\Vinh\AppData\Local\DayZ
2013-12-23 01:16 . 2013-12-23 01:18	--------	d-----w-	c:\users\Vinh\AppData\Roaming\Audacity
2013-12-23 01:16 . 2013-12-23 01:16	--------	d-----w-	c:\program files (x86)\Audacity
2013-12-22 22:21 . 2013-12-22 22:21	--------	d-----w-	c:\users\Vinh\AppData\Local\Facebook
2013-12-22 17:47 . 2013-12-22 17:47	--------	d-----w-	c:\windows\SysWow64\RTCOM
2013-12-22 17:47 . 2013-12-22 17:47	--------	d-----w-	c:\program files\Realtek
2013-12-22 17:16 . 2013-12-22 17:16	--------	d-----w-	c:\users\Vinh\AppData\Local\ElevatedDiagnostics
2013-12-17 21:45 . 2013-12-18 13:44	--------	d-----w-	c:\users\Vinh\AppData\Roaming\.minecraft
2013-12-15 14:09 . 2013-12-15 14:09	--------	d-----w-	c:\users\Vinh\AppData\Roaming\ChemTable Software
2013-12-15 14:09 . 2013-12-15 14:09	--------	d-----w-	c:\users\Vinh\AppData\Local\ChemTable Software
2013-12-15 14:09 . 2013-12-15 14:10	--------	d-----w-	c:\users\Vinh\AppData\Local\AnVir
2013-12-14 19:54 . 2013-12-14 19:54	--------	d-----w-	c:\users\Vinh\AppData\Local\Blizzard
2013-12-14 18:08 . 2013-12-14 18:08	--------	d-----w-	c:\users\Vinh\AppData\Local\Blizzard Entertainment
2013-12-14 18:08 . 2013-12-28 02:25	--------	d-----w-	c:\users\Vinh\AppData\Local\Battle.net
2013-12-14 18:08 . 2013-12-14 18:10	--------	d-----w-	c:\users\Vinh\AppData\Roaming\Battle.net
2013-12-14 18:07 . 2013-12-30 21:28	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2013-12-14 18:07 . 2013-12-14 18:08	--------	d-----w-	c:\programdata\Blizzard Entertainment
2013-12-14 18:06 . 2013-12-14 18:06	--------	d-----w-	c:\programdata\Battle.net
2013-12-12 07:31 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 07:31 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 07:31 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-12 07:31 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-12 07:31 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-12 07:21 . 2013-12-12 07:21	--------	d-----w-	c:\users\Vinh\AppData\Local\Aiseesoft Studio
2013-12-12 07:21 . 2013-12-12 07:21	--------	d-----w-	c:\programdata\Aiseesoft Studio
2013-12-11 13:51 . 2013-12-11 13:51	--------	d-----w-	c:\users\Vinh\AppData\Roaming\LibreOffice
2013-12-11 13:50 . 2013-12-11 13:51	--------	d-----w-	c:\program files (x86)\LibreOffice 4
2013-12-11 13:42 . 2013-12-11 13:42	--------	d-----w-	c:\programdata\Overwolf
2013-12-10 15:19 . 2013-12-10 15:19	--------	d-----w-	c:\users\Vinh\AppData\Local\Logitech® Webcam-Software
2013-12-10 15:17 . 2013-12-10 15:17	--------	d-----w-	c:\programdata\LogiShrd
2013-12-10 15:16 . 2013-12-10 15:16	53248	----a-r-	c:\users\Vinh\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-10 15:16 . 2013-12-10 15:16	--------	d-----w-	c:\users\Vinh\AppData\Roaming\Leadertech
2013-12-10 07:37 . 2013-12-10 07:37	--------	d-----w-	c:\users\Vinh\AppData\Roaming\SmartTools
2013-12-08 16:25 . 2013-12-15 14:23	--------	d-----w-	c:\program files (x86)\LOLReplay
2013-12-07 10:28 . 2013-10-26 19:20	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D3729EA-E836-44A9-BB19-F76897B2CF6C}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-27 20:05 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-12-27 20:05 . 2009-08-18 10:24	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-21 14:52 . 2013-10-26 18:48	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-21 14:52 . 2013-10-26 18:48	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-15 00:48 . 2013-10-26 17:01	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-10 02:13 . 2013-10-30 14:27	982232	----a-w-	c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-30 14:27	1100248	----a-w-	c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-10-26 18:18	35104	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-11-28 19:16 . 2013-10-30 07:47	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-11-27 15:10 . 2013-10-30 07:47	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-11-23 19:26 . 2013-10-26 18:18	3069608	----a-w-	c:\windows\system32\nvapi64.dll
2013-11-23 19:26 . 2013-10-26 18:18	2697248	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-11-23 19:26 . 2013-10-26 18:18	18293096	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-11-23 19:26 . 2013-10-26 18:18	15862272	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-11-23 19:26 . 2013-10-26 18:18	15218504	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-11-23 19:26 . 2013-10-26 18:18	1436528	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-11-23 17:42 . 2013-10-26 18:19	6674208	----a-w-	c:\windows\system32\nvcpl.dll
2013-11-23 17:42 . 2013-10-26 18:19	3490080	----a-w-	c:\windows\system32\nvsvc64.dll
2013-11-23 17:42 . 2013-10-30 14:31	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2013-11-23 17:42 . 2013-10-26 18:19	922912	----a-w-	c:\windows\system32\nvvsvc.exe
2013-11-23 17:42 . 2013-10-26 18:19	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-11-23 17:42 . 2013-10-26 18:19	219424	----a-w-	c:\windows\system32\nvmctray.dll
2013-11-23 11:18 . 2013-11-23 11:18	590112	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-11-22 16:28 . 2013-10-26 18:19	3498475	----a-w-	c:\windows\system32\nvcoproc.bin
2013-11-20 16:51 . 2013-11-11 21:19	46368	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-11-20 12:36 . 2013-11-20 10:03	52171	----a-w-	c:\windows\RFC4DPluginUninstall.exe
2013-11-19 20:58 . 2013-11-19 20:58	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 20:58 . 2013-11-19 20:58	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-19 20:58 . 2013-11-19 20:58	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 20:58 . 2013-11-19 20:58	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-11-19 20:58 . 2013-11-19 20:58	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-11-19 20:58 . 2013-11-19 20:58	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 20:58 . 2013-11-19 20:58	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-11-19 20:58 . 2013-11-19 20:58	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 20:58 . 2013-11-19 20:58	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-11-19 20:58 . 2013-11-19 20:58	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-11-19 20:58 . 2013-11-19 20:58	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 20:58 . 2013-11-19 20:58	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-11-19 20:58 . 2013-11-19 20:58	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-11-19 20:58 . 2013-11-19 20:58	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-11-19 20:58 . 2013-11-19 20:58	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-11-19 20:58 . 2013-11-19 20:58	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-11-19 20:58 . 2013-11-19 20:58	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-11-19 20:58 . 2013-11-19 20:58	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-11-19 20:58 . 2013-11-19 20:58	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-11-19 20:58 . 2013-11-19 20:58	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 20:58 . 2013-11-19 20:58	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-11-19 20:58 . 2013-11-19 20:58	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 20:58 . 2013-11-19 20:58	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-11-19 20:58 . 2013-11-19 20:58	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 20:58 . 2013-11-19 20:58	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-11-19 20:58 . 2013-11-19 20:58	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-11-19 20:58 . 2013-11-19 20:58	81408	----a-w-	c:\windows\system32\icardie.dll
2013-11-19 20:58 . 2013-11-19 20:58	774144	----a-w-	c:\windows\system32\jscript.dll
2013-11-19 20:58 . 2013-11-19 20:58	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-11-19 20:58 . 2013-11-19 20:58	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 20:58 . 2013-11-19 20:58	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-11-19 20:58 . 2013-11-19 20:58	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-11-19 20:58 . 2013-11-19 20:58	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-11-19 20:58 . 2013-11-19 20:58	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-11-19 20:58 . 2013-11-19 20:58	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-11-19 20:58 . 2013-11-19 20:58	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-11-19 20:58 . 2013-11-19 20:58	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-11-19 20:58 . 2013-11-19 20:58	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-11-19 20:58 . 2013-11-19 20:58	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-11-19 20:58 . 2013-11-19 20:58	413696	----a-w-	c:\windows\system32\html.iec
2013-11-19 20:58 . 2013-11-19 20:58	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 20:58 . 2013-11-19 20:58	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-11-19 20:58 . 2013-11-19 20:58	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-11-19 20:58 . 2013-11-19 20:58	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-11-19 20:58 . 2013-11-19 20:58	247808	----a-w-	c:\windows\system32\msls31.dll
2013-11-19 20:58 . 2013-11-19 20:58	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-11-19 20:58 . 2013-11-19 20:58	235520	----a-w-	c:\windows\system32\url.dll
2013-11-19 20:58 . 2013-11-19 20:58	195584	----a-w-	c:\windows\system32\msrating.dll
2013-11-19 20:58 . 2013-11-19 20:58	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-11-19 20:58 . 2013-11-19 20:58	147968	----a-w-	c:\windows\system32\occache.dll
2013-11-19 20:58 . 2013-11-19 20:58	143872	----a-w-	c:\windows\system32\wextract.exe
2013-11-19 20:58 . 2013-11-19 20:58	13824	----a-w-	c:\windows\system32\mshta.exe
2013-11-19 20:58 . 2013-11-19 20:58	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-19 20:58 . 2013-11-19 20:58	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-11-19 20:58 . 2013-11-19 20:58	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-11-19 20:58 . 2013-11-19 20:58	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-11-19 20:58 . 2013-11-19 20:58	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 20:58 . 2013-11-19 20:58	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-11-19 20:58 . 2013-11-19 20:58	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-19 10:21 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-14 11:56 . 2013-11-19 20:40	1511712	----a-w-	c:\windows\system32\nvdispgenco6433182.dll
2013-11-14 11:56 . 2013-11-19 20:40	1884448	----a-w-	c:\windows\system32\nvdispco6433182.dll
2013-10-30 16:07 . 2013-10-30 16:07	715038	----a-w-	c:\windows\unins000.exe
2013-10-30 07:47 . 2013-10-30 07:47	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-10-26 19:20 . 2013-11-07 06:51	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-26 18:51 . 2009-07-13 23:55	332288	----a-w-	c:\windows\system32\uxtheme.dll
2013-10-26 18:51 . 2010-11-21 03:23	2851840	----a-w-	c:\windows\system32\themeui.dll
2013-10-26 18:51 . 2009-07-13 23:54	44544	----a-w-	c:\windows\system32\themeservice.dll
2013-10-26 18:12 . 2013-10-26 18:12	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 10:30 . 2013-10-30 14:31	1884448	----a-w-	c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-10-30 14:31	1511712	----a-w-	c:\windows\system32\nvdispgenco6433165.dll
2013-10-16 00:48 . 2013-10-26 18:18	1884448	----a-w-	c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-26 18:18	1511712	----a-w-	c:\windows\system32\nvdispgenco6433158.dll
2013-10-15 23:20 . 2013-10-26 17:41	10280728	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C33D0D8B-007A-4655-A052-4C4132D92FC7}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-05 . BA0F79A2E512B3332D83E6DECAEC3AC2 . 2249216 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-18 20587168]
"Spotify"="c:\users\Vinh\AppData\Roaming\Spotify\Spotify.exe" [2013-12-07 5951488]
"EADM"="g:\program files (x86)\Origin\Origin.exe" [2013-11-30 3551576]
"Steam"="g:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Spotify Web Helper"="c:\users\Vinh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-07 1168896]
"Facebook Update"="c:\users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-12-22 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Tt eSPORTS BLACK Element Gaming Mouse"="c:\program files (x86)\Thermaltake\Tt eSPORTS BLACK Element\BlackElement.exe" [2010-12-08 16889640]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-05 2237328]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"LWS"="e:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CBC.exe [2011-5-7 141554]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2013-12-11 526848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 hmip;hmip;c:\windows\system32\Drivers\hmip64.sys;c:\windows\SYSNATIVE\Drivers\hmip64.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Thermnaltake MS2 Filter;Thermnaltake MS2 Filter;c:\windows\system32\Drivers\MS2Filter.sys;c:\windows\SYSNATIVE\Drivers\MS2Filter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-26 14:52]
.
2013-12-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000Core.job
- c:\users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-22 22:21]
.
2014-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995078936-480804704-2261662729-1000UA.job
- c:\users\Vinh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-22 22:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\
FF - prefs.js: keyword.URL - 
FF - ExtSQL: 2013-11-11 22:19; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1
FF - ExtSQL: 2013-11-19 18:38; firefox@mega.co.nz; c:\users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\extensions\firefox@mega.co.nz.xpi
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,a2,25,4a,3c,2e,4c,47,85,ba,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,a2,25,4a,3c,2e,4c,47,85,ba,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-01  16:44:50
ComboFix-quarantined-files.txt  2014-01-01 15:44
ComboFix2.txt  2014-01-01 02:46
.
Vor Suchlauf: 14 Verzeichnis(se), 10.506.285.056 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 10.452.996.096 Bytes frei
.
- - End Of File - - F06A3EA0981D61B21161CF284B713AB9
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31


adw:AdwCleaner Logfile:
Code:
# AdwCleaner v3.016 - Report created 01/01/2014 at 17:01:57
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Vinh - VINH-PC
# Running from : C:\Users\Vinh\Downloads\adwcleaner_3.016.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\Vinh\AppData\Roaming\Mozilla\Firefox\Profiles\olyppc8u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8811 octets] - [01/01/2014 03:36:49]
AdwCleaner[R1].txt - [1020 octets] - [01/01/2014 03:38:51]
AdwCleaner[R2].txt - [750 octets] - [01/01/2014 17:01:57]
AdwCleaner[S0].txt - [8563 octets] - [01/01/2014 03:37:13]
AdwCleaner[S1].txt - [1086 octets] - [01/01/2014 03:39:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [929 octets] ##########
         
--- --- ---

jrt log:JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Ultimate x64
Ran by Vinh on 01.01.2014 at 17:03:41,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Vinh\AppData\Roaming\mozilla\firefox\profiles\olyppc8u.default\minidumps [98 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 17:06:33,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


malwarebytes:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware

Datenbank Version: v2014.01.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Vinh :: VINH-PC [Administrator]

Schutz: Deaktiviert

01.01.2014 17:08:51
mbam-log-2014-01-01 (17-08-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216831
Laufzeit: 1 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

01.01.2014, 20:54   #8
aharonov
/// TB-Ausbilder

Please go to VirusTotal and have a file checked there as follows:
  • Click the "Wählen Sie eine" (choose file) button.
  • Then copy the following into the input field for the file name
    Code:
    c:\windows\explorer.exe
    and click Open ("Öffnen").
  • Click Scan it! ("Scannen!").
  • If you get the following message:
    Quote:
    File already analysed - This file was already analysed by VirusTotal on ...
    then click Reanalyse ("Neu analysieren").
  • Wait until the analysis has finished, then copy the URL from your address bar and post it here.
Then repeat this with the following file:
Code:
C:\Users\Vinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CBC.exe

__________________
cheers,
Leo

07.01.2014, 15:34   #9
aharonov
/// TB-Ausbilder

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I will assume that the matter has been resolved and remove the thread from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and may have security vulnerabilities that make a renewed infection possible.
__________________
cheers,
Leo
