Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Spotify / Steam nur im Offlinemodus nutzbar

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.03.2015, 16:12   #1
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Hallo,

Seid heute sind Steam und Spotify nur noch im offlinemodus nutzbar, obwohl mein Rechner (per lan) mit dem Internet verbunden ist. Google Chrome funktioniert soweit einwandfrei.

Ich vermute, dass Viren das Problem verursachen und habe schon einmal diverse Logfiles erstellt die ich nun posten werde.

Malwarebytes Anti-Malware Logfile
Datenbank lässt sich nicht aktualisieren, Database Version: v2014.11.20.06

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 08.03.2015
Scan Time: 15:24:02
Logfile: malwarebytes Anti-Malware log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kurier

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316190
Time Elapsed: 3 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.Clara.A, C:\Users\Kurier\AppData\Local\Temp\setup.exe, Quarantined, [d63055e998e49a9c3e08606c61a0a15f], 
PUP.Optional.Somoto, C:\Users\Kurier\AppData\Local\Temp\bitool.dll, Quarantined, [47bf80bef7851125784ac4c2bf43847c], 
PUP.Optional.SupTab.A, C:\Users\Kurier\AppData\Local\Temp\~dlB94\~dljyb\tmp\STab_v4.0.exe, Quarantined, [e224b38bd4a839fdaadbbe77ce32ec14], 
PUP.Optional.WindowsProtectManger.A, C:\Users\Kurier\AppData\Local\Temp\~dlB94\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [ee18c975e99367cf8001f5c72cd538c8], 
PUP.Optional.SupTab.A, C:\Users\Kurier\AppData\Local\Temp\~dlF113\~dljyb\tmp\STab_v4.0.exe, Quarantined, [cd39ca74bbc10e28afd6013499671ae6], 
PUP.Optional.WindowsProtectManger.A, C:\Users\Kurier\AppData\Local\Temp\~dlF113\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [c5419da16715ba7c4938a6164bb67789], 
PUP.Optional.OpenCandy, C:\Users\Kurier\Downloads\SetupImgBurn_2.5.8.0.exe, Quarantined, [e4229f9f92ea52e4ab5bcaabd72e2ad6], 
PUP.Optional.OpenCandy, C:\Users\Kurier\Downloads\DTLite4491-0356.exe, Quarantined, [ca3cd26c80fcab8ba264fd78b055d42c], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, Quarantined, [c73f7fbfccb0b185b8003a779c6807f9], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
GMER Logfile:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 logfile:

Code:
ATTFilter
 GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-08 16:37:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 KINGSTON_SV300S37A120G rev.541ABBF0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Kurier\AppData\Local\Temp\ufdiipod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                                0000000077a6faa8 5 bytes JMP 0000000173052e10
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                         0000000077a70038 5 bytes JMP 0000000173052dd0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1548] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779                                                                                                                 000000007665b9f8 4 bytes [10, 3D, 05, 73]
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                            0000000076b41465 2 bytes [B4, 76]
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                           0000000076b414bb 2 bytes [B4, 76]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                              0000000076b41465 2 bytes [B4, 76]
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                             0000000076b414bb 2 bytes [B4, 76]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                     0000000076b41465 2 bytes [B4, 76]
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                    0000000076b414bb 2 bytes [B4, 76]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3388] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                                                                                                   00000000777a0880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe[3136] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                                       0000000076b41465 2 bytes [B4, 76]
.text    C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe[3136] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                                      0000000076b414bb 2 bytes [B4, 76]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                        0000000076b41465 2 bytes [B4, 76]
.text    C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                       0000000076b414bb 2 bytes [B4, 76]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                                                                                            0000000077871398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                                   000000007787143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                                                   0000000077871594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                                           000000007787191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                                                          0000000077871bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                             0000000077871d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                                 0000000077871edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                                                               0000000077871fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                               00000000778727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                                             00000000778727d2 8 bytes {JMP 0x10}
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                                              000000007787282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                                                             0000000077872898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                                     0000000077872d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                                                                     0000000077872d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                                 000000007787323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                                                                 00000000778733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                                0000000077873a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                                0000000077873ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                                    0000000077873b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                                             0000000077874190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                                                            0000000077874241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                                                            00000000778742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 3
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                                                                00000000778743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                                                                0000000077874434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                                                                                          00000000778745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                                                                                          00000000778746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                                                             0000000077874a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                                                             0000000077874b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                                                          0000000077874c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                                                          0000000077874d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                                                         0000000077874ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                                                            0000000077874ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                                                         00000000778750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                                                                    00000000778752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                                                              00000000778753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                                                                                                00000000778755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                                                                00000000778764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                                                                   000000007787668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                                                                   000000007787687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                                                                     00000000778768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                                                         00000000778768d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                                                        000000007787692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                                                                  0000000077877166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                                                                                           0000000077877dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                                                                                  0000000077877e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                       00000000778c1380 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                     00000000778c1500 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                           00000000778c1530 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                         00000000778c1650 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                             00000000778c1700 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                             00000000778c1d30 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                           00000000778c1f80 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                           00000000778c27e0 8 bytes JMP 3f3f3f3f
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                                         00000000753a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                                         00000000753a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                                      00000000753a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                   00000000753a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                                   00000000753a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                                             00000000753a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                                                                        0000000077871398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                               000000007787143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                               0000000077871594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                       000000007787191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                                      0000000077871bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                         0000000077871d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                             0000000077871edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                                           0000000077871fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                           00000000778727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                         00000000778727d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                          000000007787282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                                         0000000077872898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                 0000000077872d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                                                 0000000077872d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                             000000007787323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                                             00000000778733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                            0000000077873a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                            0000000077873ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                0000000077873b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                         0000000077874190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                                        0000000077874241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                                        00000000778742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                                            00000000778743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                                            0000000077874434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                                                                      00000000778745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                                                                      00000000778746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                                         0000000077874a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                                         0000000077874b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                                      0000000077874c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                                      0000000077874d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                                     0000000077874ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                                        0000000077874ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                                     00000000778750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                                                00000000778752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                                          00000000778753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                                                                            00000000778755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                                            00000000778764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                                               000000007787668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                                               000000007787687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                                                 00000000778768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                                     00000000778768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                                    000000007787692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                                              0000000077877166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                                                                       0000000077877dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                                                              0000000077877e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                   00000000778c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                 00000000778c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                       00000000778c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                     00000000778c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                         00000000778c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                         00000000778c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                       00000000778c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                       00000000778c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                     00000000753a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                     00000000753a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                  00000000753a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                               00000000753a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                               00000000753a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                         00000000753a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                                                                                                              0000000077871398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                                                     000000007787143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                                                                     0000000077871594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                                                             000000007787191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                                                                            0000000077871bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                                               0000000077871d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                                                   0000000077871edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                                                                                 0000000077871fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                                                 00000000778727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                                                               00000000778727d2 8 bytes {JMP 0x10}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                                                                000000007787282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                                                                               0000000077872898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                                                       0000000077872d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                                                                                       0000000077872d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                                                   000000007787323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                                                                                   00000000778733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                                                  0000000077873a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                                                  0000000077873ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                                                      0000000077873b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                                                               0000000077874190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                                                                              0000000077874241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                                                                              00000000778742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 3
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                                                                                  00000000778743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                                                                                  0000000077874434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                                                                                                            00000000778745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                                                                                                            00000000778746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                                                                               0000000077874a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                                                                               0000000077874b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                                                                            0000000077874c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                                                                            0000000077874d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                         * 2
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                                                                           0000000077874ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                                                                              0000000077874ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                                                                           00000000778750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                                                                                      00000000778752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                                                                                00000000778753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                                                                                                                  00000000778755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                                                                                  00000000778764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                                                                                     000000007787668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                                                                                     000000007787687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                                                                                       00000000778768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                                                                           00000000778768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                                                                          000000007787692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                                                                                    0000000077877166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                                                                                                             0000000077877dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                                                                                                    0000000077877e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                         00000000778c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                       00000000778c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                             00000000778c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                           00000000778c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                               00000000778c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                               00000000778c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                             00000000778c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                             00000000778c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                                                           00000000753a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                                                           00000000753a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                                                        00000000753a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                     00000000753a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                                                     00000000753a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                                                               00000000753a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT      C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                                                                                                             [fffff8800335cec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\services.exe [768:3112]                                                                                                                                                                                                                 0000000000e3ef60
Thread   C:\Windows\system32\services.exe [768:3116]                                                                                                                                                                                                                 0000000000e3ef60
Thread   C:\Windows\system32\services.exe [768:3120]                                                                                                                                                                                                                 0000000000e3ef60
Thread   C:\Windows\system32\services.exe [768:3124]                                                                                                                                                                                                                 0000000000e3ef60
Thread   C:\Windows\system32\svchost.exe [220:472]                                                                                                                                                                                                                   0000000000d6ef60
Thread   C:\Windows\system32\svchost.exe [220:468]                                                                                                                                                                                                                   0000000000d6ef60
Thread   C:\Windows\system32\svchost.exe [220:620]                                                                                                                                                                                                                   0000000000d6ef60
Thread   C:\Windows\system32\svchost.exe [220:728]                                                                                                                                                                                                                   0000000000d6ef60
Thread   C:\Windows\system32\svchost.exe [1132:1688]                                                                                                                                                                                                                 000000000277ef60
Thread   C:\Windows\system32\svchost.exe [1132:1692]                                                                                                                                                                                                                 000000000277ef60
Thread   C:\Windows\system32\svchost.exe [1132:1696]                                                                                                                                                                                                                 000000000277ef60
Thread   C:\Windows\system32\svchost.exe [1132:1700]                                                                                                                                                                                                                 000000000277ef60
Thread   C:\Windows\System32\spoolsv.exe [1724:4324]                                                                                                                                                                                                                 00000000020aef60
Thread   C:\Windows\System32\spoolsv.exe [1724:4308]                                                                                                                                                                                                                 00000000020aef60
Thread   C:\Windows\System32\spoolsv.exe [1724:4660]                                                                                                                                                                                                                 00000000020aef60
Thread   C:\Windows\System32\spoolsv.exe [1724:5116]                                                                                                                                                                                                                 00000000020aef60
Thread   C:\Windows\system32\svchost.exe [1816:2024]                                                                                                                                                                                                                 0000000000f7ef60
Thread   C:\Windows\system32\svchost.exe [1816:2028]                                                                                                                                                                                                                 0000000000f7ef60
Thread   C:\Windows\system32\svchost.exe [1816:2032]                                                                                                                                                                                                                 0000000000f7ef60
Thread   C:\Windows\system32\svchost.exe [1816:2036]                                                                                                                                                                                                                 0000000000f7ef60
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:3160]                                                                                                                                                                                      00000000768f7587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:3448]                                                                                                                                                                                      0000000063390cb3
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:1016]                                                                                                                                                                                      0000000077aa2e65
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:5224]                                                                                                                                                                                      0000000077aa3e85
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:2488]                                                                                                                                                                                      0000000077aa3e85
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:4396]                                                                                                                                                                                      0000000077aa3e85
---- Processes - GMER 2.1 ----

Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28)        0000000065cb0000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000065690000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:30)                                                                                        0000000066160000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)           0000000063880000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004a900000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30)                                                         0000000004400000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004ad00000
Library  c:\users\kurier\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-03-08 15:05:53)                                       0000000003df0000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)        0000000064d80000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)         00000000618a0000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)          0000000063440000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000062f80000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            00000000739a0000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:30)                                                                                           00000000739f0000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)  00000000738a0000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)         0000000073820000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)   0000000073780000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:28)                                                                       0000000072f50000
Library  C:\Users\Kurier\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:28)                                                                       0000000073860000

---- EOF - GMER 2.1 ----
         
--- --- ---
--- --- ---

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Kurier (administrator) on KURIER-PC on 08-03-2015 16:22:40
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) F:\Steam\Steam.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {080dcd91-99da-11e4-af5b-448a5b9af13c} - E:\autorun.exe
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {50d55878-a2ef-11e4-81b5-448a5b9af13c} - G:\SISetup.exe
Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52507;https=127.0.0.1:52507
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-19] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe
2015-03-08 16:22 - 2015-03-08 16:22 - 00022472 _____ () C:\Users\Kurier\Downloads\FRST.txt
2015-03-08 16:22 - 2015-03-08 16:22 - 00000000 ____D () C:\FRST
2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe
2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk
2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95.exe
2015-03-08 15:23 - 2015-03-08 16:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 15:23 - 2015-03-08 15:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-08 15:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 15:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 15:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-08 12:34 - 2015-03-08 12:35 - 00000000 ____D () C:\AdwCleaner
2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe
2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics
2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe
2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight
2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url
2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam
2015-02-13 10:17 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-06 06:16 - 2015-02-06 06:32 - 00000000 ____D () C:\Program Files (x86)\GUMBD19.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 16:20 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-08 16:12 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 16:12 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 16:12 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:08 - 2014-10-11 12:43 - 01096346 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 16:07 - 2014-10-11 13:19 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-08 16:05 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 16:05 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 16:05 - 2010-11-21 04:47 - 00176240 _____ () C:\Windows\PFRO.log
2015-03-08 16:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 16:05 - 2009-07-14 05:51 - 00209820 _____ () C:\Windows\setupact.log
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 15:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 13:47 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-08 12:44 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-08 12:29 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-08 12:29 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-03-05 22:40 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:16 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 10:12 - 2009-07-14 05:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans
2015-02-06 06:32 - 2015-01-12 09:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 06:32 - 2015-01-12 09:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\AutoWifi.exe
C:\Users\Kurier\AppData\Local\Temp\devcon64.exe
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kurier\AppData\Local\Temp\nvStInst.exe
C:\Users\Kurier\AppData\Local\Temp\Quarantine.exe
C:\Users\Kurier\AppData\Local\Temp\siinst.exe
C:\Users\Kurier\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Kurier\AppData\Local\Temp\SpOrder.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.exe
C:\Users\Kurier\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 10:36

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Durch das Addition Logfile von FRST wird dieser beitrag leider zu lang.
Ich werde diesen auf Wunsch als Antwort auf diesen hier posten.

Vielen Dank im voraus für Ihre Mühe.

Geändert von kurier (08.03.2015 um 16:19 Uhr)

Alt 08.03.2015, 16:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 08.03.2015, 17:09   #3
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Hallo,
Danke für die schnelle antwort.

Hier ist das logfile:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Kurier (administrator) on KURIER-PC on 08-03-2015 18:05:58
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) F:\Steam\Steam.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {080dcd91-99da-11e4-af5b-448a5b9af13c} - E:\autorun.exe
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {50d55878-a2ef-11e4-81b5-448a5b9af13c} - G:\SISetup.exe
Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52507;https=127.0.0.1:52507
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-19] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
U3 ufdiipod; \??\C:\Users\Kurier\AppData\Local\Temp\ufdiipod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 16:37 - 2015-03-08 16:37 - 00077695 _____ () C:\Users\Kurier\Desktop\GMER 2.1.19357.txt
2015-03-08 16:34 - 2015-03-08 16:34 - 00380416 _____ () C:\Users\Kurier\Downloads\Gmer-19357.exe
2015-03-08 16:31 - 2015-03-08 16:31 - 00000544 _____ () C:\Users\Kurier\Downloads\defogger_disable.log
2015-03-08 16:31 - 2015-03-08 16:31 - 00000168 _____ () C:\Users\Kurier\defogger_reenable
2015-03-08 16:30 - 2015-03-08 16:30 - 00050477 _____ () C:\Users\Kurier\Downloads\Defogger.exe
2015-03-08 16:22 - 2015-03-08 18:05 - 00022424 _____ () C:\Users\Kurier\Downloads\FRST.txt
2015-03-08 16:22 - 2015-03-08 18:05 - 00000000 ____D () C:\FRST
2015-03-08 16:22 - 2015-03-08 16:23 - 00031797 _____ () C:\Users\Kurier\Downloads\Addition.txt
2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe
2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe
2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk
2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95.exe
2015-03-08 15:23 - 2015-03-08 16:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 15:23 - 2015-03-08 15:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-08 15:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 15:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 15:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-08 12:34 - 2015-03-08 12:35 - 00000000 ____D () C:\AdwCleaner
2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe
2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics
2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe
2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight
2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url
2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam
2015-02-13 10:17 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-06 06:16 - 2015-02-06 06:32 - 00000000 ____D () C:\Program Files (x86)\GUMBD19.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 17:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 17:02 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-08 16:38 - 2014-10-11 12:43 - 01096530 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 16:34 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-08 16:31 - 2014-10-11 12:43 - 00000000 ____D () C:\Users\Kurier
2015-03-08 16:12 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 16:12 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 16:12 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:07 - 2014-10-11 13:19 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-08 16:05 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 16:05 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 16:05 - 2010-11-21 04:47 - 00176240 _____ () C:\Windows\PFRO.log
2015-03-08 16:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 16:05 - 2009-07-14 05:51 - 00209820 _____ () C:\Windows\setupact.log
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 12:44 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-08 12:29 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-08 12:29 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-03-05 22:40 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:16 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 10:12 - 2009-07-14 05:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans
2015-02-06 06:32 - 2015-01-12 09:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 06:32 - 2015-01-12 09:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\AutoWifi.exe
C:\Users\Kurier\AppData\Local\Temp\devcon64.exe
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kurier\AppData\Local\Temp\nvStInst.exe
C:\Users\Kurier\AppData\Local\Temp\Quarantine.exe
C:\Users\Kurier\AppData\Local\Temp\siinst.exe
C:\Users\Kurier\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Kurier\AppData\Local\Temp\SpOrder.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.exe
C:\Users\Kurier\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 10:36

==================== End Of Log ============================
         
--- --- ---

--- --- ---




ein addition file ist dieses mal nicht erstellt worden.

Dieses Additionfile ist heute mittag erstellt worden und gehört noch zu meinem ersten post.Ich musste dieses aus platzgründen weglassen.

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 02
Ran by Kurier at 2015-03-08 16:22:52
Running from C:\Users\Kurier\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7 Days to Die Dedicated Server (HKLM-x32\...\Steam App 294420) (Version:  - )
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Pirates 2: City of Abandoned Ships ver.1.3.0 (HKLM-x32\...\Age of Pirates 2: City of Abandoned Ships_is1) (Version:  - Playlogic Entertainment, Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Commander Keen Complete Pack (HKLM-x32\...\Steam App 9180) (Version:  - id Software)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 3 Patch v1.8 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.8 - )
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gothic (HKLM-x32\...\Steam App 65540) (Version:  - Piranha – Bytes)
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version:  - Piranha – Bytes)
Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version:  - Piranha – Bytes)
GOTHIC2 ADDON - 'Odyssey — on behalf of the King' (HKLM-x32\...\GOTHIC2 ADDON - 'Odyssey — on behalf of the King') (Version: 1.0 - World of Gothic DE - Community © 2014)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Odyssee-Speech 1.0 (HKLM-x32\...\Odyssee-Speech) (Version: 1.0 - OdysseeModTeam)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version:  - Crytek)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1660 - )
Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version:  - Croteam)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version:  - Croteam)
Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version:  - Croteam)
Serious Sam Classics: Revolution (HKLM-x32\...\Steam App 227780) (Version:  - Croteam)
Serious Sam Double D XXL (HKLM-x32\...\Steam App 111600) (Version:  - Mommy's Best Games)
Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version:  - Croteam)
Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version:  - Croteam)
Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version:  - Vlambeer)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total War Battles: SHOGUN (HKLM-x32\...\Steam App 217060) (Version:  - The Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Urban Trial Freestyle (HKLM-x32\...\Steam App 243450) (Version:  - Tate Multimedia)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version:  - Creative Assembly, PC Port - Hardlight)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3258624858-2044797830-3490162811-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-03-2015 19:02:16 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 19:04:43 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 19:05:46 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 19:06:04 DirectX wurde installiert
06-03-2015 21:35:03 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 21:35:13 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 21:35:21 DirectX wurde installiert
06-03-2015 21:40:03 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 21:40:12 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 21:40:22 DirectX wurde installiert
06-03-2015 21:44:17 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 21:44:27 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 21:44:40 DirectX wurde installiert
06-03-2015 22:09:22 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 22:09:30 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 22:09:39 DirectX wurde installiert
06-03-2015 22:15:01 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 22:15:10 Microsoft Visual C++ 2005 Redistributable wird installiert
06-03-2015 22:15:22 DirectX wurde installiert
06-03-2015 22:37:24 Windows Update
08-03-2015 12:31:48 Microsoft Visual C++ 2005 Redistributable wird installiert
08-03-2015 12:32:29 Microsoft Visual C++ 2005 Redistributable wird installiert
08-03-2015 12:32:38 DirectX wurde installiert
08-03-2015 12:37:34 Removed Cisco AnyConnect Diagnostics and Reporting Tool
08-03-2015 12:38:02 Removed Cisco AnyConnect Secure Mobility Client
08-03-2015 12:41:53 Microsoft Visual C++ 2005 Redistributable wird installiert
08-03-2015 12:57:53 Microsoft Visual C++ 2005 Redistributable wird installiert
08-03-2015 12:58:05 Microsoft Visual C++ 2005 Redistributable wird installiert
08-03-2015 12:58:18 DirectX wurde installiert
08-03-2015 13:10:38 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E2656F4-E360-4F74-9804-3C2A0C8B3E8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12] (Google Inc.)
Task: {323CBED3-FC41-4323-94FB-32B2A842F1F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12] (Google Inc.)
Task: {761CAA64-9E4E-435C-843B-C12257D65E23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-11 13:25 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-23 12:04 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
2015-01-23 12:04 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-10-11 13:14 - 2012-11-01 10:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-10-11 13:14 - 2012-11-01 10:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-02-24 10:38 - 2015-02-18 02:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-24 10:38 - 2015-02-18 02:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-24 10:38 - 2015-02-18 02:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Kurier\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-08 16:05 - 2015-03-08 16:05 - 00043008 _____ () c:\users\kurier\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Kurier\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Kurier\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Kurier\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-11 13:13 - 2012-10-31 14:00 - 00991232 ____N () C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2014-02-19 17:51 - 2014-02-19 17:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-11 13:20 - 2014-11-11 19:47 - 00774656 _____ () F:\Steam\SDL2.dll
2015-01-23 15:14 - 2014-12-02 01:29 - 05002752 _____ () F:\Steam\v8.dll
2015-01-23 15:14 - 2014-12-02 01:29 - 01612800 _____ () F:\Steam\icui18n.dll
2015-01-23 15:14 - 2014-12-02 01:29 - 01210368 _____ () F:\Steam\icuuc.dll
2014-10-11 13:20 - 2015-02-19 00:51 - 02360000 _____ () F:\Steam\video.dll
2014-10-11 13:20 - 2014-12-01 22:31 - 02396672 _____ () F:\Steam\libavcodec-56.dll
2014-10-11 13:20 - 2014-12-01 22:31 - 00442880 _____ () F:\Steam\libavutil-54.dll
2014-10-11 13:20 - 2014-12-01 22:31 - 00479744 _____ () F:\Steam\libavformat-56.dll
2014-10-11 13:20 - 2014-12-01 22:31 - 00332800 _____ () F:\Steam\libavresample-2.dll
2014-10-11 13:20 - 2014-12-01 22:31 - 00485888 _____ () F:\Steam\libswscale-3.dll
2014-10-11 13:20 - 2015-02-19 00:51 - 00702656 _____ () F:\Steam\bin\chromehtml.DLL
2014-10-11 13:20 - 2015-01-28 02:30 - 34641288 _____ () F:\Steam\bin\libcef.dll
2014-10-11 13:20 - 2015-01-28 02:30 - 01709960 _____ () F:\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3258624858-2044797830-3490162811-500 - Administrator - Disabled)
Gast (S-1-5-21-3258624858-2044797830-3490162811-501 - Limited - Disabled)
Kurier (S-1-5-21-3258624858-2044797830-3490162811-1000 - Administrator - Enabled) => C:\Users\Kurier

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2015 04:07:50 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (03/08/2015 04:07:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 02:23:09 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (03/08/2015 02:23:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 02:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Launcher.exe_Borderlands 2 launcher, Version: 1.0.0.0, Zeitstempel: 0x5395f536
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1310
Startzeit der fehlerhaften Anwendung: 0xLauncher.exe_Borderlands 2 launcher0
Pfad der fehlerhaften Anwendung: Launcher.exe_Borderlands 2 launcher1
Pfad des fehlerhaften Moduls: Launcher.exe_Borderlands 2 launcher2
Berichtskennung: Launcher.exe_Borderlands 2 launcher3

Error: (03/08/2015 02:22:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Launcher.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
   at System.Net.WebRequest.get_InternalDefaultWebProxy()
   at System.Net.HttpWebRequest..ctor(System.Uri, System.Net.ServicePoint)
   at System.Net.HttpRequestCreator.Create(System.Uri)
   at System.Net.WebRequest.Create(System.Uri, Boolean)
   at System.Net.WebRequest.Create(System.String)
   at Launcher.DynamicContent.BlockingDownloadAvailableData(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/08/2015 01:48:30 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (03/08/2015 01:48:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 01:21:31 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (03/08/2015 01:21:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/08/2015 04:06:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 02:21:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 01:47:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 01:20:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 01:12:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 00:43:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 00:40:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 00:36:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/08/2015 00:35:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/08/2015 00:35:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-17 10:39:45.540
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-17 10:39:45.539
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-17 10:39:45.538
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-17 10:39:45.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-17 10:39:45.535
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-17 10:39:45.534
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 10:36:14.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 10:36:14.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 10:36:14.818
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 10:36:14.816
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
         
__________________

Alt 08.03.2015, 18:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.03.2015, 19:48   #5
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Hallo,

hier ist das logfile:
der Scan ist reibungslos verlaufen.

Combofix Logfile:
Code:
ATTFilter
ComboFix 15-03-01.01 - Kurier 08.03.2015  19:59:44.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8141.5768 [GMT 1:00]
ausgeführt von:: c:\users\Kurier\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-08 bis 2015-03-08  ))))))))))))))))))))))))))))))
.
.
2015-03-08 19:01 . 2015-03-08 19:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-08 15:22 . 2015-03-08 17:06	--------	d-----w-	C:\FRST
2015-03-08 15:15 . 2015-03-08 15:21	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-03-08 14:23 . 2015-03-08 14:23	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-08 11:37 . 2015-03-08 11:37	--------	d-----w-	c:\windows\system32\appmgmt
2015-03-08 11:34 . 2015-03-08 11:35	--------	d-----w-	C:\AdwCleaner
2015-03-06 21:37 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A429D6C9-C200-4CC9-8D2A-E50407E46343}\mpengine.dll
2015-03-05 19:38 . 2015-03-05 19:38	--------	d-----w-	c:\users\Kurier\AppData\Roaming\LavasoftStatistics
2015-02-24 09:23 . 2015-02-24 09:23	--------	d-----w-	c:\users\Kurier\AppData\Local\Steam
2015-02-13 09:17 . 2015-01-23 05:50	3959296	----a-w-	c:\windows\system32\jscript9.dll
2015-02-13 09:17 . 2015-01-23 04:27	2864640	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-11 17:26 . 2015-01-13 07:18	775320	----a-w-	c:\program files\Internet Explorer\iexplore.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-11 20:27 . 2014-10-29 10:12	116773704	----a-w-	c:\windows\system32\MRT.exe
2015-01-16 06:41 . 2014-10-11 22:29	1316184	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:41 . 2014-10-11 12:25	1278920	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:41 . 2014-10-11 22:29	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-01-16 06:41 . 2014-10-11 12:25	1514528	----a-w-	c:\windows\system32\nvspcap64.dll
2015-01-14 12:54 . 2015-01-14 12:54	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-11 22:04 . 2015-01-11 22:03	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2015-01-07 19:54 . 2015-01-11 23:11	370688	----a-w-	c:\windows\system32\ColorMedia64.dll
2014-12-19 03:06 . 2015-01-14 12:45	210432	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 12:45	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 12:45	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-15 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2013-08-16 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Super Charger"="c:\program files (x86)\MSI\Super Charger\Super Charger.exe" [2014-04-08 1047536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NTIOLIB_1_0_3
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 08:03]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-04 7543000]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-08-29 40576]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-02-21 5860656]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: uni-kl.de\vpn
TCP: DhcpNameServer = 192.168.0.1
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-SecurityUtility - c:\programdata\SecurityUtility\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-08  20:02:14
ComboFix-quarantined-files.txt  2015-03-08 19:02
.
Vor Suchlauf: 16 Verzeichnis(se), 62.807.867.392 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 62.504.124.416 Bytes frei
.
- - End Of File - - C3028AC672D50AF9C82FD0E6AF16D049
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

[/code]

Hallo

ich habe gerade steam und spotify getestet und beide programme funktionieren wieder.

vielen dank für deine Hilfe!


Alt 09.03.2015, 11:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Wir sind noch nicht fertig !


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Spotify / Steam nur im Offlinemodus nutzbar

Alt 09.03.2015, 13:09   #7
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Hallo,

alles klar

hier die logfiles

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.03.2015
Suchlauf-Zeit: 13:04:59
Logdatei: Mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.09.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kurier

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 349583
Verstrichene Zeit: 3 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
--- --- ---



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.111 - Bericht erstellt 09/03/2015 um 13:12:51
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Kurier - KURIER-PC
# Gestarted von : C:\Users\Kurier\Desktop\AdwCleaner_4.111 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17229


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [5158 Bytes] - [08/03/2015 12:34:14]
AdwCleaner[R1].txt - [977 Bytes] - [09/03/2015 13:11:42]
AdwCleaner[S0].txt - [4790 Bytes] - [08/03/2015 12:35:09]
AdwCleaner[S1].txt - [900 Bytes] - [09/03/2015 13:12:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [958  Bytes] ##########
         
--- --- ---



JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by Kurier on 09.03.2015 at 13:46:15,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.03.2015 at 13:48:03,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Kurier (administrator) on KURIER-PC on 09-03-2015 14:02:51
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52507;https=127.0.0.1:52507
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-19] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 13:48 - 2015-03-09 13:48 - 00000760 _____ () C:\Users\Kurier\Desktop\JRT.txt
2015-03-09 13:46 - 2015-03-09 13:12 - 00001037 _____ () C:\Users\Kurier\Desktop\AdwCleaner[S1].txt
2015-03-09 13:14 - 2015-03-09 13:14 - 01388333 _____ (Thisisu) C:\Users\Kurier\Desktop\JRT.exe
2015-03-09 13:09 - 2015-03-09 13:09 - 02126848 _____ () C:\Users\Kurier\Desktop\AdwCleaner_4.111 (1).exe
2015-03-09 13:08 - 2015-03-09 13:08 - 00001223 _____ () C:\Users\Kurier\Desktop\Malwarebytes Anti-Malware2.lnk
2015-03-09 13:04 - 2015-03-09 13:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-03-09 10:27 - 2015-03-09 10:27 - 00000000 ____D () C:\temp
2015-03-09 10:27 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-09 10:26 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-09 10:26 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-09 10:26 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-08 20:02 - 2015-03-08 20:02 - 00015451 _____ () C:\ComboFix.txt
2015-03-08 19:53 - 2015-03-08 20:02 - 00000000 ____D () C:\Qoobox
2015-03-08 19:53 - 2015-03-08 19:56 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 19:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 19:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 19:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 19:50 - 2015-03-08 19:50 - 05612482 ____R (Swearware) C:\Users\Kurier\Desktop\ComboFix.exe
2015-03-08 16:34 - 2015-03-08 16:34 - 00380416 _____ () C:\Users\Kurier\Downloads\Gmer-19357.exe
2015-03-08 16:31 - 2015-03-08 16:31 - 00000544 _____ () C:\Users\Kurier\Downloads\defogger_disable.log
2015-03-08 16:31 - 2015-03-08 16:31 - 00000168 _____ () C:\Users\Kurier\defogger_reenable
2015-03-08 16:30 - 2015-03-08 16:30 - 00050477 _____ () C:\Users\Kurier\Downloads\Defogger.exe
2015-03-08 16:22 - 2015-03-09 14:02 - 00021224 _____ () C:\Users\Kurier\Downloads\FRST.txt
2015-03-08 16:22 - 2015-03-09 14:02 - 00000000 ____D () C:\FRST
2015-03-08 16:22 - 2015-03-08 16:23 - 00031797 _____ () C:\Users\Kurier\Downloads\Addition.txt
2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe
2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe
2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk
2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95.exe
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-08 12:34 - 2015-03-09 13:12 - 00000000 ____D () C:\AdwCleaner
2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe
2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics
2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe
2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight
2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url
2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam
2015-02-13 10:17 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 13:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 13:28 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-09 13:20 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-09 13:20 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-09 13:20 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 13:20 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 13:20 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 13:15 - 2014-10-11 13:19 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-09 13:13 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 13:13 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-09 13:13 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-09 13:13 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-09 13:13 - 2010-11-21 04:47 - 00178168 _____ () C:\Windows\PFRO.log
2015-03-09 13:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 13:13 - 2009-07-14 05:51 - 00212625 _____ () C:\Windows\setupact.log
2015-03-09 13:12 - 2014-10-11 12:43 - 01502096 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 10:27 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-09 10:27 - 2014-10-11 13:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-09 00:57 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-08 20:47 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-08 20:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-08 19:59 - 2015-02-04 09:54 - 00000000 ____D () C:\Users\Kurier\Desktop\Desktopkappes
2015-03-08 19:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-08 16:31 - 2014-10-11 12:43 - 00000000 ____D () C:\Users\Kurier
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-03-05 22:40 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:16 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 10:12 - 2009-07-14 05:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans

==================== Files in the root of some directories =======

2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkq1yqc.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kurier\AppData\Local\Temp\nvStInst.exe
C:\Users\Kurier\AppData\Local\Temp\Quarantine.exe
C:\Users\Kurier\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 19:01

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 09.03.2015, 18:03   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.03.2015, 21:28   #9
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Hallo,

hier die logs:

ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=355ff29b282d52468e7f897ef1a13820
# engine=22824
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-09 07:25:43
# local_time=2015-03-09 08:25:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1297 16777213 100 100 25938 30001825 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 110849 177558993 0 0
# scanned=29924
# found=10
# cleaned=0
# scan_time=1744
sh=C0B7F8C09DB0ADA3DF2102A3D08FAC9781A15DC6 ft=1 fh=55bf436402755b8c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=52F9085A177DC911DC513ED9FA431A58126F73CF ft=1 fh=08f0a6962a427f0c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=3E365578C151761F5E799B2A06A0C4B5AB293B7B ft=1 fh=641afd291d079167 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=EAE26C38934A5DFC7EB58B885FCC83DA388D5AE1 ft=1 fh=bf40033c211bd84f vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=D4A43936353E001F542FB287278ED350644F1917 ft=1 fh=cf34ce2fc97c23ab vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=EEAF6ECD24DE592CF93A2CAE458696092E95E0FE ft=1 fh=91033ff7caa81cc6 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab_Bak.dll.vir"
sh=D49925D2871AD2EBD07B6E3388D84051F908209F ft=1 fh=e16c25dc480cc5da vn="Variante von Win32/Adware.PicColor.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\RfndNSIS.dll.vir"
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=74B985EAF67228CFE4DC801097348C25031EAC0F ft=1 fh=701913a3c08f14ae vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kurier\Downloads\download-adblock-chrome.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=355ff29b282d52468e7f897ef1a13820
# engine=22827
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-09 07:51:01
# local_time=2015-03-09 08:51:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1297 16777213 100 100 31056 30003343 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115967 177560511 0 0
# scanned=29974
# found=10
# cleaned=0
# scan_time=1444
sh=C0B7F8C09DB0ADA3DF2102A3D08FAC9781A15DC6 ft=1 fh=55bf436402755b8c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=52F9085A177DC911DC513ED9FA431A58126F73CF ft=1 fh=08f0a6962a427f0c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=3E365578C151761F5E799B2A06A0C4B5AB293B7B ft=1 fh=641afd291d079167 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=EAE26C38934A5DFC7EB58B885FCC83DA388D5AE1 ft=1 fh=bf40033c211bd84f vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=D4A43936353E001F542FB287278ED350644F1917 ft=1 fh=cf34ce2fc97c23ab vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=EEAF6ECD24DE592CF93A2CAE458696092E95E0FE ft=1 fh=91033ff7caa81cc6 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab_Bak.dll.vir"
sh=D49925D2871AD2EBD07B6E3388D84051F908209F ft=1 fh=e16c25dc480cc5da vn="Variante von Win32/Adware.PicColor.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\RfndNSIS.dll.vir"
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=74B985EAF67228CFE4DC801097348C25031EAC0F ft=1 fh=701913a3c08f14ae vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kurier\Downloads\download-adblock-chrome.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=355ff29b282d52468e7f897ef1a13820
# engine=22827
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-09 09:18:58
# local_time=2015-03-09 10:18:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1297 16777213 100 100 32733 30008620 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 117644 177565788 0 0
# scanned=318489
# found=11
# cleaned=0
# scan_time=5206
sh=C0B7F8C09DB0ADA3DF2102A3D08FAC9781A15DC6 ft=1 fh=55bf436402755b8c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=52F9085A177DC911DC513ED9FA431A58126F73CF ft=1 fh=08f0a6962a427f0c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=3E365578C151761F5E799B2A06A0C4B5AB293B7B ft=1 fh=641afd291d079167 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=EAE26C38934A5DFC7EB58B885FCC83DA388D5AE1 ft=1 fh=bf40033c211bd84f vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=D4A43936353E001F542FB287278ED350644F1917 ft=1 fh=cf34ce2fc97c23ab vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=EEAF6ECD24DE592CF93A2CAE458696092E95E0FE ft=1 fh=91033ff7caa81cc6 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab_Bak.dll.vir"
sh=D49925D2871AD2EBD07B6E3388D84051F908209F ft=1 fh=e16c25dc480cc5da vn="Variante von Win32/Adware.PicColor.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\RfndNSIS.dll.vir"
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=74B985EAF67228CFE4DC801097348C25031EAC0F ft=1 fh=701913a3c08f14ae vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kurier\Downloads\download-adblock-chrome.exe"
sh=3DF6EAC26A5CCCD108834C4340BDFE1B64A9E078 ft=1 fh=ffdce2226e79d241 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kurier\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
         

SecurityCheck wollte nicht mit meinem Betriebssystem (win7 64bit)

hier die Fehlermeldung:

Code:
ATTFilter
UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
und zum Schluss noch FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Kurier (administrator) on KURIER-PC on 09-03-2015 22:23:03
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) F:\Steam\Steam.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Take-Two Interactive Software, Inc.) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
(Valve Corporation) F:\Steam\GameOverlayUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52507;https=127.0.0.1:52507
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-19] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 22:16 - 2015-03-09 22:16 - 00852604 _____ () C:\Users\Kurier\Desktop\SecurityCheck.exe
2015-03-09 19:52 - 2015-03-09 19:52 - 02347384 _____ (ESET) C:\Users\Kurier\Downloads\esetsmartinstaller_deu.exe
2015-03-09 14:06 - 2015-03-09 14:06 - 00001201 _____ () C:\Users\Kurier\Desktop\Mbam.txt
2015-03-09 14:05 - 2015-03-09 14:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028 (2).exe
2015-03-09 13:48 - 2015-03-09 13:48 - 00000760 _____ () C:\Users\Kurier\Desktop\JRT.txt
2015-03-09 13:14 - 2015-03-09 13:14 - 01388333 _____ (Thisisu) C:\Users\Kurier\Desktop\JRT.exe
2015-03-09 13:09 - 2015-03-09 13:09 - 02126848 _____ () C:\Users\Kurier\Desktop\AdwCleaner_4.111 (1).exe
2015-03-09 13:04 - 2015-03-09 13:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-03-09 10:27 - 2015-03-09 10:27 - 00000000 ____D () C:\temp
2015-03-09 10:27 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-09 10:26 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-09 10:26 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-09 10:26 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-08 20:02 - 2015-03-08 20:02 - 00015451 _____ () C:\ComboFix.txt
2015-03-08 19:53 - 2015-03-08 20:02 - 00000000 ____D () C:\Qoobox
2015-03-08 19:53 - 2015-03-08 19:56 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 19:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 19:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 19:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 19:50 - 2015-03-08 19:50 - 05612482 ____R (Swearware) C:\Users\Kurier\Desktop\ComboFix.exe
2015-03-08 16:34 - 2015-03-08 16:34 - 00380416 _____ () C:\Users\Kurier\Downloads\Gmer-19357.exe
2015-03-08 16:31 - 2015-03-08 16:31 - 00000544 _____ () C:\Users\Kurier\Downloads\defogger_disable.log
2015-03-08 16:31 - 2015-03-08 16:31 - 00000168 _____ () C:\Users\Kurier\defogger_reenable
2015-03-08 16:30 - 2015-03-08 16:30 - 00050477 _____ () C:\Users\Kurier\Downloads\Defogger.exe
2015-03-08 16:22 - 2015-03-09 22:23 - 00021604 _____ () C:\Users\Kurier\Downloads\FRST.txt
2015-03-08 16:22 - 2015-03-09 22:23 - 00000000 ____D () C:\FRST
2015-03-08 16:22 - 2015-03-08 16:23 - 00031797 _____ () C:\Users\Kurier\Downloads\Addition.txt
2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe
2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe
2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk
2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95.exe
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-08 12:34 - 2015-03-09 13:12 - 00000000 ____D () C:\AdwCleaner
2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe
2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics
2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe
2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight
2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url
2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam
2015-02-13 10:17 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 21:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 21:30 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-03-09 19:53 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-09 13:20 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-09 13:20 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-09 13:20 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 13:20 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 13:20 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 13:16 - 2014-10-11 12:43 - 01502096 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 13:15 - 2014-10-11 13:19 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-09 13:13 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 13:13 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-09 13:13 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-09 13:13 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-09 13:13 - 2010-11-21 04:47 - 00178168 _____ () C:\Windows\PFRO.log
2015-03-09 13:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 13:13 - 2009-07-14 05:51 - 00212625 _____ () C:\Windows\setupact.log
2015-03-09 10:27 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-09 10:27 - 2014-10-11 13:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-09 00:57 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-08 20:47 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-08 20:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-08 19:59 - 2015-02-04 09:54 - 00000000 ____D () C:\Users\Kurier\Desktop\Desktopkappes
2015-03-08 19:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-08 16:31 - 2014-10-11 12:43 - 00000000 ____D () C:\Users\Kurier
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:16 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 10:12 - 2009-07-14 05:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans

==================== Files in the root of some directories =======

2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkq1yqc.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kurier\AppData\Local\Temp\nvStInst.exe
C:\Users\Kurier\AppData\Local\Temp\Quarantine.exe
C:\Users\Kurier\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 19:01

==================== End Of Log ============================
         
--- --- ---


Probleme habe ich seid gestern abend schon nicht mehr
Danke für die Hilfe!

Alt 10.03.2015, 18:34   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Kurier\Downloads\download-adblock-chrome.exe

C:\Users\Kurier\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
RemoveProxy:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.03.2015, 07:26   #11
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Hallo,

hier ist das Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 02
Ran by Kurier at 2015-03-11 08:20:59 Run:1
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Kurier\Downloads\download-adblock-chrome.exe

C:\Users\Kurier\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
RemoveProxy:
Emptytemp:
         
*****************

C:\Users\Kurier\Downloads\download-adblock-chrome.exe => Moved successfully.
C:\Users\Kurier\Downloads\VLC media player 64 Bit - CHIP-Installer.exe => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 08:21:07 ====
         
und hier das FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Kurier (administrator) on KURIER-PC on 11-03-2015 08:23:57
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
(Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Users\Kurier\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\wmi64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-10] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28]

Chrome: 
=======
CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 15:33 - 2015-03-10 15:33 - 00068164 _____ () C:\Users\Kurier\Desktop\HP Installationsfehler – Vista.hta
2015-03-10 15:03 - 2015-03-10 15:03 - 00000608 ___SH () C:\Windows\system32\winzvprt5.sys
2015-03-10 15:03 - 2015-03-10 15:03 - 00000234 _____ () C:\Windows\system32\hppfaxprinter5.ini
2015-03-10 15:03 - 2015-03-10 15:03 - 00000000 ____D () C:\Users\Public\Documents\HP
2015-03-10 15:03 - 2015-03-10 15:03 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-10 15:03 - 2009-10-14 13:25 - 00157184 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn093.dll
2015-03-10 15:03 - 2009-10-14 13:16 - 00276480 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3093.DLL
2015-03-10 15:03 - 2009-09-22 20:44 - 00022016 ____N (Hewlett-Packard Company) C:\Windows\system32\hppfaxprintermon5.dll
2015-03-10 15:03 - 2009-09-22 20:44 - 00016384 ____N (Hewlett-Packard Company) C:\Windows\system32\hppfaxprintermonui5.dll
2015-03-10 15:03 - 2009-02-25 20:08 - 00671816 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL
2015-03-10 15:03 - 2007-07-16 15:29 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\fxcompchannel_x64.dll
2015-03-10 15:03 - 2007-07-16 15:29 - 00059928 _____ (Hewlett-Packard) C:\Windows\SysWOW64\fxcompchannel.dll
2015-03-10 15:02 - 2015-03-10 15:03 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-10 15:02 - 2015-03-10 15:02 - 00000741 _____ () C:\Windows\hpntwksetup.ini
2015-03-10 15:02 - 2015-03-10 15:02 - 00000216 _____ () C:\Windows\system32\AddPort.ini
2015-03-10 15:01 - 2015-03-10 15:34 - 00000398 _____ () C:\ProgramData\hpzinstall.log
2015-03-10 15:01 - 2015-03-10 15:03 - 00198975 _____ () C:\Windows\hppins11.dat
2015-03-10 15:01 - 2015-03-10 15:03 - 00000000 ____D () C:\ProgramData\HP
2015-03-10 15:01 - 2009-10-16 22:29 - 00005707 ____N () C:\Windows\hppmdl11.dat
2015-03-10 15:01 - 2009-09-28 20:49 - 01121280 _____ (Hewlett-Packard) C:\Windows\system32\hpptsp04_x64.dll
2015-03-10 15:01 - 2009-09-28 20:19 - 00770048 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hpptsp04.dll
2015-03-10 15:01 - 2009-09-16 20:28 - 00003212 _____ () C:\Windows\system32\hppls1312.spf
2015-03-10 15:01 - 2009-08-26 23:12 - 00995840 _____ (Hewlett-Packard) C:\Windows\system32\hpxp1312_x64.dll
2015-03-10 15:01 - 2008-09-27 00:37 - 00747008 _____ (Hewlett-Packard) C:\Windows\system32\hppasc11_x64.dll
2015-03-10 15:01 - 2008-09-27 00:37 - 00165376 _____ (Hewlett-Packard) C:\Windows\system32\hppdpr11_x64.dll
2015-03-10 15:01 - 2008-09-27 00:37 - 00000665 _____ () C:\Windows\system32\hppapr11.dat
2015-03-10 14:49 - 2015-03-10 14:54 - 323729320 _____ () C:\Users\Kurier\Downloads\CM1312series-win7-full-solution-AM-EMEA1-v5.1.exe
2015-03-10 14:35 - 2015-03-10 14:37 - 00000000 ____D () C:\Users\Kurier\Documents\Assassin's Creed Rogue
2015-03-10 11:08 - 2015-03-10 11:08 - 00000000 _____ () C:\Users\Kurier\Desktop\Neues Textdokument (2).txt
2015-03-09 22:24 - 2015-03-09 22:24 - 00000000 _____ () C:\Users\Kurier\Desktop\Neues Textdokument.txt
2015-03-09 22:16 - 2015-03-09 22:16 - 00852604 _____ () C:\Users\Kurier\Desktop\SecurityCheck.exe
2015-03-09 19:52 - 2015-03-09 19:52 - 02347384 _____ (ESET) C:\Users\Kurier\Downloads\esetsmartinstaller_deu.exe
2015-03-09 14:06 - 2015-03-09 14:06 - 00001201 _____ () C:\Users\Kurier\Desktop\Mbam.txt
2015-03-09 14:05 - 2015-03-09 14:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028 (2).exe
2015-03-09 13:48 - 2015-03-09 13:48 - 00000760 _____ () C:\Users\Kurier\Desktop\JRT.txt
2015-03-09 13:14 - 2015-03-09 13:14 - 01388333 _____ (Thisisu) C:\Users\Kurier\Desktop\JRT.exe
2015-03-09 13:09 - 2015-03-09 13:09 - 02126848 _____ () C:\Users\Kurier\Desktop\AdwCleaner_4.111 (1).exe
2015-03-09 13:04 - 2015-03-09 13:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-03-09 10:27 - 2015-03-09 10:27 - 00000000 ____D () C:\temp
2015-03-09 10:27 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-09 10:26 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-09 10:26 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-09 10:26 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-09 10:26 - 2015-02-05 22:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-08 20:02 - 2015-03-08 20:02 - 00015451 _____ () C:\ComboFix.txt
2015-03-08 19:53 - 2015-03-08 20:02 - 00000000 ____D () C:\Qoobox
2015-03-08 19:53 - 2015-03-08 19:56 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 19:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 19:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 19:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 19:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 19:50 - 2015-03-08 19:50 - 05612482 ____R (Swearware) C:\Users\Kurier\Desktop\ComboFix.exe
2015-03-08 16:34 - 2015-03-08 16:34 - 00380416 _____ () C:\Users\Kurier\Downloads\Gmer-19357.exe
2015-03-08 16:31 - 2015-03-08 16:31 - 00000544 _____ () C:\Users\Kurier\Downloads\defogger_disable.log
2015-03-08 16:31 - 2015-03-08 16:31 - 00000168 _____ () C:\Users\Kurier\defogger_reenable
2015-03-08 16:30 - 2015-03-08 16:30 - 00050477 _____ () C:\Users\Kurier\Downloads\Defogger.exe
2015-03-08 16:22 - 2015-03-11 08:23 - 00020855 _____ () C:\Users\Kurier\Downloads\FRST.txt
2015-03-08 16:22 - 2015-03-11 08:23 - 00000000 ____D () C:\FRST
2015-03-08 16:22 - 2015-03-08 16:23 - 00031797 _____ () C:\Users\Kurier\Downloads\Addition.txt
2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe
2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe
2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk
2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95.exe
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-08 12:34 - 2015-03-09 13:12 - 00000000 ____D () C:\AdwCleaner
2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe
2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics
2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe
2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight
2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url
2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam
2015-02-13 10:17 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 08:22 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 08:22 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-11 08:22 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-11 08:22 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 08:22 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-11 08:22 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-11 08:22 - 2010-11-21 04:47 - 00183272 _____ () C:\Windows\PFRO.log
2015-03-11 08:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 08:22 - 2009-07-14 05:51 - 00216041 _____ () C:\Windows\setupact.log
2015-03-11 08:21 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-11 08:21 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-11 08:21 - 2014-10-11 13:19 - 00009620 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-11 08:21 - 2014-10-11 12:43 - 01601297 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 08:21 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 08:21 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 08:21 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 08:16 - 2009-07-14 05:45 - 00465992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 18:49 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-03-10 18:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 18:02 - 2014-10-11 13:17 - 00122504 _____ () C:\Users\Kurier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 15:39 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-10 15:39 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-10 15:03 - 2015-01-23 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-10 15:03 - 2009-07-14 03:34 - 00000513 _____ () C:\Windows\win.ini
2015-03-09 10:27 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-09 10:27 - 2014-10-11 13:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-08 20:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-08 19:59 - 2015-02-04 09:54 - 00000000 ____D () C:\Users\Kurier\Desktop\Desktopkappes
2015-03-08 19:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-08 16:31 - 2014-10-11 12:43 - 00000000 ____D () C:\Users\Kurier
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans

==================== Files in the root of some directories =======

2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg
2015-03-10 15:01 - 2015-03-10 15:34 - 0000398 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9w0iau.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 19:01

==================== End Of Log ============================
         
--- --- ---

Alt 11.03.2015, 17:11   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.03.2015, 19:31   #13
kurier
 
Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar



Nein wieder alles top
danke für die HIlfe!

Alt 12.03.2015, 08:47   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar




Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.03.2015, 08:47   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Spotify / Steam nur im Offlinemodus nutzbar - Standard

Spotify / Steam nur im Offlinemodus nutzbar




Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Spotify / Steam nur im Offlinemodus nutzbar
anti-malware, detected, fehlercode 0xe0434352, harddisk, internet, kaspersky, logfiles, ntoskrnl.exe, nvbackend, pup.optional.clara.a, pup.optional.colormedia.a, pup.optional.opencandy, pup.optional.somoto, pup.optional.suptab.a, pup.optional.windowsprotectmanger.a, services.exe, spoolsv.exe, super, svchost.exe, system32, verbindungsprobleme



Ähnliche Themen: Spotify / Steam nur im Offlinemodus nutzbar


  1. Windows 7: Steam Account durch Virus gehackt und entwendet, Steam infiziert : Win32:Malware-gen
    Log-Analyse und Auswertung - 14.09.2015 (16)
  2. TR/Crypt.ZPACK.Gen2 warnung wenn Spotify startet
    Plagegeister aller Art und deren Bekämpfung - 16.05.2015 (1)
  3. WIN 8.1: Avira meldet TR/Crypt.ZPACK.Gen2 in \AppData\Roaming\Spotify\Spotify.exe
    Log-Analyse und Auswertung - 13.05.2015 (7)
  4. Unerwünschte Werbung, Browser kaum noch nutzbar
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (10)
  5. Spotify, Skype, etc.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2014 (5)
  6. Win 7 (32): Laptop kaum noch nutzbar; Iminent & Co.
    Log-Analyse und Auswertung - 10.07.2014 (3)
  7. Nach Hacker-Angriff bei Spotify: App-Update für Android
    Nachrichten - 27.05.2014 (0)
  8. ANtivir: Yontoo.Gen2-Spotify funktioniert nicht mehr-Vista
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (26)
  9. avp.exe 50% Auslastung. erst nach beenden PC Nutzbar
    Log-Analyse und Auswertung - 31.12.2012 (12)
  10. csrss.exe macht Probleme (Beispiel: Spotify kann keine Internetverbindung mehr aufbauen und der Zugriff auf die Firewall ist gesperrt)
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (2)
  11. TR/Crypt.ZPACK.Gen2 [trojan] in C:\Users\user\AppData\Roaming\Spotify\spotify.exe | Avira Profession
    Log-Analyse und Auswertung - 29.06.2012 (3)
  12. Gen:Trojan.Heur.GM.0000036090 (Engine A) in spotify.exe
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (1)
  13. Steam(file2.exe) ohne das man Steam installiert hat
    Plagegeister aller Art und deren Bekämpfung - 21.02.2010 (1)
  14. Web nur tw. nutzbar
    Plagegeister aller Art und deren Bekämpfung - 09.05.2009 (11)
  15. CD-Rom Laufwerk verschwunden+sämtliche Programme nur eingeschränkt nutzbar
    Alles rund um Windows - 24.10.2006 (1)
  16. 2 Festplatten in einem Desktoprechner wie 2 völlig unterschiedliche PC's nutzbar?
    Netzwerk und Hardware - 26.06.2006 (1)
  17. eScan und HiJackThis parallel zu Norton AntiVirus nutzbar?
    Antiviren-, Firewall- und andere Schutzprogramme - 24.02.2006 (2)

Zum Thema Spotify / Steam nur im Offlinemodus nutzbar - Hallo, Seid heute sind Steam und Spotify nur noch im offlinemodus nutzbar, obwohl mein Rechner (per lan) mit dem Internet verbunden ist. Google Chrome funktioniert soweit einwandfrei. Ich vermute, dass - Spotify / Steam nur im Offlinemodus nutzbar...
Archiv
Du betrachtest: Spotify / Steam nur im Offlinemodus nutzbar auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.