Log analysis and evaluation: Spotify / Steam only usable in offline mode (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Spotify / Steam only usable in offline mode

Hello, since today Steam and Spotify can only be used in offline mode, even though my computer is connected to the Internet (via LAN). Google Chrome works fine so far. I suspect that viruses are causing the problem and have already created various log files, which I will now post.

Malwarebytes Anti-Malware log file (the database cannot be updated, Database Version: v2014.11.20.06) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08.03.2015 Scan Time: 15:24:02 Logfile: malwarebytes Anti-Malware log.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.11.20.06 Rootkit Database: v2014.11.18.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Kurier Scan Type: Threat Scan Result: Completed Objects Scanned: 316190 Time Elapsed: 3 min, 19 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 9 PUP.Optional.Clara.A, C:\Users\Kurier\AppData\Local\Temp\setup.exe, Quarantined, [d63055e998e49a9c3e08606c61a0a15f], PUP.Optional.Somoto, C:\Users\Kurier\AppData\Local\Temp\bitool.dll, Quarantined, [47bf80bef7851125784ac4c2bf43847c], PUP.Optional.SupTab.A, C:\Users\Kurier\AppData\Local\Temp\~dlB94\~dljyb\tmp\STab_v4.0.exe, Quarantined, [e224b38bd4a839fdaadbbe77ce32ec14], PUP.Optional.WindowsProtectManger.A, C:\Users\Kurier\AppData\Local\Temp\~dlB94\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [ee18c975e99367cf8001f5c72cd538c8], PUP.Optional.SupTab.A, C:\Users\Kurier\AppData\Local\Temp\~dlF113\~dljyb\tmp\STab_v4.0.exe, Quarantined, [cd39ca74bbc10e28afd6013499671ae6], PUP.Optional.WindowsProtectManger.A, C:\Users\Kurier\AppData\Local\Temp\~dlF113\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [c5419da16715ba7c4938a6164bb67789], PUP.Optional.OpenCandy, C:\Users\Kurier\Downloads\SetupImgBurn_2.5.8.0.exe, Quarantined, [e4229f9f92ea52e4ab5bcaabd72e2ad6], PUP.Optional.OpenCandy, C:\Users\Kurier\Downloads\DTLite4491-0356.exe, Quarantined, 
[ca3cd26c80fcab8ba264fd78b055d42c], PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, Quarantined, [c73f7fbfccb0b185b8003a779c6807f9], Physical Sectors: 0 (No malicious items detected) (end) GMER Logfile: Code:
ATTFilter GMER 2.1.19357 logfile: --- --- --- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02 Ran by Kurier (administrator) on KURIER-PC on 08-03-2015 16:22:40 Running from C:\Users\Kurier\Downloads Loaded Profiles: Kurier (Available profiles: Kurier) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (HP) C:\Windows\System32\HPSIsvc.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (MICRO-STAR INTERNATIONAL CO., LTD.) 
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Valve Corporation) F:\Steam\Steam.exe (Valve Corporation) F:\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) F:\Steam\bin\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd) HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {080dcd91-99da-11e4-af5b-448a5b9af13c} - E:\autorun.exe HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {50d55878-a2ef-11e4-81b5-448a5b9af13c} - G:\SISetup.exe Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:52507;https=127.0.0.1:52507 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll File Not found () Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll File Not found () Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll File Not found () Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll File Not found () Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll File Not found () Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-19] () FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28] Chrome: ======= CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5 CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default CHR Extension: 
(Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12] CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11] CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12] CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11] CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11] CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12] CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12] CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12] CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11] CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== 
Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; 
C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.) S3 avchv; system32\DRIVERS\avchv.sys [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe 2015-03-08 16:22 - 2015-03-08 16:22 - 00022472 _____ () C:\Users\Kurier\Downloads\FRST.txt 2015-03-08 16:22 - 2015-03-08 16:22 - 00000000 ____D () C:\FRST 2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe 2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk 2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Kurier\Downloads\revosetup95.exe 2015-03-08 15:23 - 2015-03-08 16:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-08 15:23 - 2015-03-08 15:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-08 15:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-08 15:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-08 15:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-08 12:34 - 2015-03-08 12:35 - 00000000 ____D () C:\AdwCleaner 2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe 2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics 2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe 2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight 2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url 2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam 2015-02-13 10:17 - 2015-01-23 
06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-06 06:16 - 2015-02-06 06:32 - 00000000 ____D () C:\Program Files (x86)\GUMBD19.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 16:20 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-08 16:12 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 16:12 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 16:12 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:08 - 2014-10-11 12:43 - 01096346 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 16:07 - 2014-10-11 13:19 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-08 16:05 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 16:05 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 16:05 - 2010-11-21 04:47 - 00176240 _____ () C:\Windows\PFRO.log
2015-03-08 16:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 16:05 - 2009-07-14 05:51 - 00209820 _____ () C:\Windows\setupact.log
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 15:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 13:47 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-08 12:44 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-08 12:29 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-08 12:29 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-03-05 22:40 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:16 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 10:12 - 2009-07-14 05:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans
2015-02-06 06:32 - 2015-01-12 09:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 06:32 - 2015-01-12 09:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\AutoWifi.exe
C:\Users\Kurier\AppData\Local\Temp\devcon64.exe
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kurier\AppData\Local\Temp\nvStInst.exe
C:\Users\Kurier\AppData\Local\Temp\Quarantine.exe
C:\Users\Kurier\AppData\Local\Temp\siinst.exe
C:\Users\Kurier\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Kurier\AppData\Local\Temp\SpOrder.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.exe
C:\Users\Kurier\AppData\Local\Temp\strings.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 10:36

==================== End Of Log ============================

--- --- ---

Unfortunately, the Addition logfile from FRST makes this post too long. On request, I will post it as a reply to this post.

Thank you in advance for your effort.

Last edited by kurier (08.03.2015 at 17:19)