| |
| |||||||
Log-Analyse und Auswertung: Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entferntWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
06.04.2015, 14:27
| #1 | |
| |  Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt Guten Tag liebes trojaner-board. Der pC an dem ich Sitze hat das Problem, dass wenn ich den Browser aufrufe automatisch die Internetseite "hxxp://gotut.ru/" geöffnet wird. Ich habe bereits in den Einstellungen geguckt, bei den Plugins, vermutliche installierte Toolbarsoftware und die Cookies gelöscht. Leider alles vergebens. Einen Scan mit Spybot S&D sowie mit AdwCleaner habe ich bereits ausgeführt. Beide Programme haben Fehler gefunden und behoben allerdings zu keiner Lösung des Problems mit dem Internetbrowser geführt. Leider habe ich nur ein Log vom Spybot und den anderen nicht, weil ich das erste mal hier bin und nicht wusste wie der Spaß läuft  ....Momentan bemüht sich ESET Onlinescanner und meldet 14 Infizierte Datein bis jetzt. Win32/Toobar.Widgi Win32/Conditut.SearchProtectY win32/clientconnect.A Ich hoffe ich kann etwas mehr mit eurer Unterstützung erreichen und das Problem besser für euch Analysieren. Viele Grüße und danke im vorraus Zitat:
|
|
06.04.2015, 14:32
| #2 |
| /// the machine /// TB-Ausbilder    | Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
06.04.2015, 14:39
| #3 |
| | Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entferntFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by dom (administrator) on DOM-PC on 06-04-2015 15:35:06
Running from C:\Users\dom\Downloads
Loaded Profiles: dom (Available profiles: dom)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY Lingvo x3\LvAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\dom\AppData\Roaming\uTorrent\uTorrent.exe
(Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Lingvo Launcher] => C:\Program Files\ABBYY Lingvo x3\LvAgent.exe [1774856 2010-09-07] (ABBYY (BIT Software))
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\PE_F_DOM\...\Run: [Google Update] => F:\Users\Dom\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-22] (Google Inc.)
HKU\PE_F_DOM\...\Run: [TomTomHOME.exe] => "F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\PE_F_DOM\...\Run: [AlcoholAutomount] => F:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\PE_F_DOM\...\Run: [uTorrent] => F:\Users\Dom\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-02-22] (BitTorrent Inc.)
HKU\PE_F_DOM\...\Run: [Rambler Update] => F:\Users\Dom\AppData\Local\Rambler\RamblerUpdater\RUpdate.exe [1707296 2015-01-21] (Rambler)
HKU\PE_F_DOM\...\Run: [Skype] => F:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\PE_F_DOM\...\MountPoints2: O - O:\AutoRun.exe
HKU\PE_F_DOM\...\MountPoints2: {06aa0e10-75aa-11e0-babf-0030673e868e} - M:\LaunchU3.exe -a
HKU\PE_F_DOM\...\MountPoints2: {4658bfec-75e8-11e0-b8a9-806e6f6e6963} - H:\talk-now\tlknow32.exe \talk-now\data\startup.ast
HKU\PE_F_DOM\...\MountPoints2: {8e6c3613-1a5d-11e1-abcc-0030673e868e} - O:\AutoRun.exe
HKU\PE_F_DOM\...\MountPoints2: {8e6c3617-1a5d-11e1-abcc-0030673e868e} - O:\AutoRun.exe
HKU\PE_F_UPDATUSUSER\...\Run: [Google Update] => F:\Users\Dom\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-22] (Google Inc.)
HKU\PE_F_UPDATUSUSER\...\Run: [AlcoholAutomount] => F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [31072 2010-05-27] (Alcohol Soft Development Team)
HKU\PE_F_UPDATUSUSER\...\Run: [TomTomHOME.exe] => "F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\PE_F_UPDATUSUSER\...\Run: [Rambler Update] => F:\Users\UpdatusUser\AppData\Local\Rambler\RamblerUpdater\RUpdate.exe /startscheduler
HKU\PE_F_UPDATUSUSER\...\RunOnce: [blekkotb] => reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f
HKU\PE_F_UPDATUSUSER\...\RunOnce: [blekkotb_XP] => reg.exe delete "HKCU\Software\blekkotb" /f
HKU\PE_F_UPDATUSUSER\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\PE_F_UPDATUSUSER\...\MountPoints2: O - O:\AutoRun.exe
HKU\PE_F_UPDATUSUSER\...\MountPoints2: {06aa0e10-75aa-11e0-babf-0030673e868e} - M:\LaunchU3.exe -a
HKU\PE_F_UPDATUSUSER\...\MountPoints2: {8e6c3613-1a5d-11e1-abcc-0030673e868e} - O:\AutoRun.exe
HKU\PE_F_UPDATUSUSER\...\MountPoints2: {8e6c3617-1a5d-11e1-abcc-0030673e868e} - O:\AutoRun.exe
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [WebCallDirect] => "C:\Program Files\WebCallDirect.com\WebCallDirect\webcalldirect.exe" -nosplash -minimized
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [uTorrent] => C:\Users\dom\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-14] (BitTorrent Inc.)
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [CheapVoip] => "C:\Program Files\CheapVoip.com\CheapVoip\cheapvoip.exe" -nosplash -minimized
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [Orbitum] => C:\Users\dom\AppData\Local\Orbitum\Application\chrome.exe
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2174976 2009-10-05] (Gainward Co.)
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [31445088 2015-03-29] (VoipConnect)
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\PE_F_DOM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP75B244AD-1F7F-4F1F-AFD9-4400056036F9
HKU\PE_F_DOM\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\PE_F_UPDATUSUSER\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mail.ru/cnt/8731
HKU\PE_F_UPDATUSUSER\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\PE_F_DOM -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP75B244AD-1F7F-4F1F-AFD9-4400056036F9&q={searchTerms}
SearchScopes: HKU\PE_F_DOM -> yandex.ru-162214 URL = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201205014653443AA1E6745FB2FC9D34&q={searchTerms}
SearchScopes: HKU\PE_F_DOM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP75B244AD-1F7F-4F1F-AFD9-4400056036F9&q={searchTerms}
SearchScopes: HKU\PE_F_DOM -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://yandex.ru/yandsearch?win=43&clid=1168537-850&text={searchTerms}
SearchScopes: HKU\PE_F_DOM -> {891CF97A-5ADE-4D99-B8BB-D652621603D5} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKU\PE_F_DOM -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\PE_F_DOM -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
SearchScopes: HKU\PE_F_UPDATUSUSER -> DefaultScope {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\PE_F_UPDATUSUSER -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201205014653443AA1E6745FB2FC9D34&q={searchTerms}
SearchScopes: HKU\PE_F_UPDATUSUSER -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Toolbar: HKU\PE_F_DOM -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKU\PE_F_DOM -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\PE_F_DOM -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\76bc9bom.default-1428137666770
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.yandex.ru/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-10-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\PE_F_DOM: @tools.google.com/Google Update;version=3 -> F:\Users\Dom\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin HKU\PE_F_DOM: @tools.google.com/Google Update;version=9 -> F:\Users\Dom\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-10-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml [2014-07-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2014-07-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2014-07-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2014-07-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2014-12-09]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://mail.ru/"
CHR Plugin: (Shockwave Flash) - c:\PROGRA~1\google\chrome\APPLIC~1\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - c:\PROGRA~1\google\chrome\APPLIC~1\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - c:\PROGRA~1\google\chrome\APPLIC~1\41.0.2272.118\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Profile: C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-10]
CHR Extension: (Google Drive) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-10]
CHR Extension: (YouTube) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-10]
CHR Extension: (Google Search) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (Google Wallet) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.Lingvo.Desktop.14.0; C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [816392 2010-05-07] (ABBYY)
S2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2015-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [804600 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-09-19] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-09-19] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-19] (Avira GmbH)
R2 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-06 15:35 - 2015-04-06 15:36 - 00021601 _____ () C:\Users\dom\Downloads\FRST.txt
2015-04-06 15:34 - 2015-04-06 15:35 - 00000000 ____D () C:\FRST
2015-04-06 15:34 - 2015-04-06 15:34 - 01135104 _____ (Farbar) C:\Users\dom\Downloads\FRST.exe
2015-04-06 15:32 - 2015-04-06 15:32 - 00000000 ____D () C:\Users\dom\Desktop\CoreTemp32
2015-04-06 15:31 - 2015-04-06 15:31 - 00734473 _____ () C:\Users\dom\Downloads\CoreTemp_106.zip
2015-04-06 15:20 - 2015-04-06 15:20 - 00000000 ____D () C:\Users\dom\Documents\ProcAlyzer Dumps
2015-04-06 14:48 - 2015-04-06 14:48 - 02347384 _____ (ESET) C:\Users\dom\Downloads\esetsmartinstaller_deu.exe
2015-04-06 14:48 - 2015-04-06 14:48 - 00000000 ____D () C:\Program Files\ESET
2015-04-06 14:47 - 2015-04-06 14:47 - 00001647 _____ () C:\Users\dom\Desktop\JRT.txt
2015-04-06 14:45 - 2015-04-06 14:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DOM-PC-Windows-7-Professional-(32-bit).dat
2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\RegBackup
2015-04-06 14:44 - 2015-04-06 14:44 - 02691312 _____ (Thisisu) C:\Users\dom\Downloads\JRT.exe
2015-04-06 14:34 - 2015-04-06 14:34 - 02208768 _____ () C:\Users\dom\Downloads\adwcleaner_4.200 (2).exe
2015-04-06 14:34 - 2015-04-06 14:34 - 02208768 _____ () C:\Users\dom\Downloads\adwcleaner_4.200 (1).exe
2015-04-06 13:47 - 2015-02-04 01:57 - 00606920 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-04-06 13:30 - 2015-04-06 14:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-06 13:30 - 2015-04-06 13:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-06 13:30 - 2015-04-06 13:30 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-06 13:30 - 2015-04-06 13:30 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-06 13:30 - 2015-04-06 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-06 13:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-04-06 13:27 - 2015-04-06 13:28 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\dom\Downloads\spybot-2.4.exe
2015-04-06 13:06 - 2015-04-06 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 13:05 - 2015-04-06 13:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dom\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-05 11:30 - 2015-04-05 11:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-04 14:14 - 2015-04-04 14:14 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:02 - 2015-04-04 11:02 - 02208768 _____ () C:\Users\dom\Downloads\adwcleaner_4.200.exe
2015-04-04 10:43 - 2015-04-04 10:43 - 00001485 ___RS () C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхрlorеr.lnk
2015-04-04 10:43 - 2015-04-04 10:43 - 00001291 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firefox.lnk
2015-04-04 10:43 - 2015-04-04 10:43 - 00001183 ___RS () C:\Users\Public\Desktop\Gооgle Сhrome.lnk
2015-04-04 10:43 - 2015-04-04 10:43 - 00000000 ____D () C:\Users\dom\AppData\Roaming\SPI
2015-04-04 10:43 - 2015-04-04 10:43 - 00000000 ____D () C:\Users\dom\AppData\Roaming\Browsers
2015-03-29 13:13 - 2015-03-29 13:14 - 01054912 _____ (Adobe) C:\Users\dom\Downloads\install_flashplayer17x32au_mssa_aaa_aih(1).exe
2015-03-28 17:48 - 2015-04-04 21:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-14 18:27 - 2015-03-30 13:48 - 00000000 ____D () C:\Users\dom\Desktop\OpenHardwareMonitor
2015-03-14 17:30 - 2015-03-14 17:30 - 00000000 ____D () C:\Users\dom\Documents\openhardwaremonitor-v0.7.1-beta
2015-03-14 17:18 - 2015-03-14 17:18 - 01582736 _____ ( ) C:\Users\dom\Downloads\cpu-z_1.72-en.exe
2015-03-14 17:18 - 2015-03-14 17:18 - 00001022 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-03-14 17:18 - 2015-03-14 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-14 17:18 - 2015-03-14 17:18 - 00000000 ____D () C:\Program Files\CPUID
2015-03-13 10:51 - 2015-03-13 10:52 - 01054912 _____ (Adobe) C:\Users\dom\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe
2015-03-11 09:01 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:01 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:01 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:01 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:01 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:01 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:01 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:01 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:01 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:01 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:01 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:01 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:01 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:01 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:01 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:01 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:01 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:01 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:01 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:01 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:01 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:01 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:01 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:01 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:01 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:01 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:01 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:01 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:01 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:01 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:01 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:01 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:01 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:01 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:01 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:01 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:01 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:01 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:01 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:01 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:01 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:01 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:01 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:01 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:01 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:01 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:01 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:01 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:01 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:01 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 09:01 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:01 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:00 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:00 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:00 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:00 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:00 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:00 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:00 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:00 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:00 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:00 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:00 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:00 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:00 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:00 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:00 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:00 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-06 15:34 - 2013-09-10 21:15 - 00000000 ____D () C:\Users\dom\AppData\Roaming\uTorrent
2015-04-06 15:34 - 2009-07-14 06:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 15:34 - 2009-07-14 06:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 15:25 - 2013-09-10 14:01 - 00000000 ____D () C:\Users\dom\AppData\Roaming\Skype
2015-04-06 15:25 - 2013-09-10 13:17 - 01116776 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 15:23 - 2013-09-10 14:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-06 15:20 - 2015-01-13 19:42 - 00000000 ____D () C:\AdwCleaner
2015-04-06 14:51 - 2013-09-10 20:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 14:51 - 2009-07-14 06:39 - 00337054 _____ () C:\Windows\setupact.log
2015-04-06 14:45 - 2010-11-20 23:01 - 01628600 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 14:38 - 2013-09-10 20:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 14:38 - 2013-09-10 13:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 14:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 14:31 - 2010-11-20 23:48 - 00212752 _____ () C:\Windows\PFRO.log
2015-04-06 14:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-06 13:47 - 2013-09-10 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-06 13:47 - 2013-09-10 13:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-06 13:47 - 2010-10-21 13:08 - 00000000 ____D () C:\Temp
2015-04-06 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\IME
2015-04-06 13:06 - 2014-01-29 21:57 - 00002223 _____ () C:\Users\dom\Desktop\Downloads.lnk
2015-04-05 11:30 - 2014-07-25 23:19 - 00000000 ____D () C:\Users\dom\AppData\Local\Adobe
2015-04-05 11:30 - 2013-09-10 14:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-05 11:30 - 2013-09-10 14:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-05 11:25 - 2013-09-10 13:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-04 10:54 - 2014-06-14 21:04 - 00000000 ____D () C:\Users\dom\Desktop\Старые данные Firefox
2015-04-04 10:43 - 2013-09-10 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-03 20:53 - 2013-09-10 20:42 - 00002125 ____H () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 16:15 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 01:44 - 2014-12-02 18:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 20:01 - 2009-07-14 06:33 - 00435944 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 19:18 - 2013-09-10 14:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 19:17 - 2013-09-10 15:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 19:13 - 2013-09-10 15:44 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 14:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-11 12:30 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-10 15:30 - 2013-09-19 22:04 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-10 15:30 - 2013-09-19 22:02 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 15:30 - 2013-09-19 22:02 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
==================== Files in the root of some directories =======
2014-06-06 14:50 - 2014-06-06 18:50 - 0018167 _____ () C:\Users\dom\AppData\Local\ramcpuversion.txt
Some content of TEMP:
====================
C:\Users\dom\AppData\Local\Temp\avgnt.exe
C:\Users\dom\AppData\Local\Temp\ose00000.exe
C:\Users\dom\AppData\Local\Temp\ose00001.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 13:22
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by dom at 2015-04-06 15:36:19
Running from C:\Users\dom\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\PE_F_DOM\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\PE_F_UPDATUSUSER\...\uTorrent) (Version: 1.7.7 - )
µTorrent (HKU\S-1-5-21-402423875-3588787103-3882004954-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
ABBYY Lingvo x3 (HKLM\...\{A1400000-0000-0000-0000-074957833700}) (Version: 14.00.786.6095 - ABBYY)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Russian (HKLM\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.8.532 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3946 - APN, LLC)
calibre (HKLM\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal)
CanoScan Toolbox Ver4.9 (HKLM\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
EXPERTool 7.6 (HKLM\...\EXPERTool_is1) (Version: - Gainward Co., Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome (HKU\PE_F_DOM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Chrome (HKU\PE_F_UPDATUSUSER\...\Google Chrome) (Version: 18.0.1025.168 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 ru) (HKLM\...\Mozilla Firefox 37.0.1 (x86 ru)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-402423875-3588787103-3882004954-1000_Classes\CLSID\{935D6757-C96A-A61D-C321-764C155D718C}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {026B5736-FBF8-43AD-8870-F222B0C727E1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {089F330B-797A-4DC3-859E-4407148BD408} - System32\Tasks\Microsoft Office 15 Sync Maintenance for dom-PC-dom dom-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {34585C96-3A56-46B6-B607-A44D1E28C293} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3C749DAA-6A9C-45CF-BB34-F57F857EA850} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-05] (Adobe Systems Incorporated)
Task: {3EF0559E-BC89-4CFD-B82A-7A8694497105} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
Task: {5A87C3E7-41B0-462E-985E-39E27B660908} - System32\Tasks\{F6BB6642-A8FE-4D86-9DFF-68F8433F918A} => pcalua.exe -a C:\Users\dom\Downloads\setup_de(3).exe -d C:\Users\dom\Downloads
Task: {667FADBA-0EAA-4131-8069-169B307AD67A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {875AE6D3-CB7A-4F13-877A-DDAD4EC9C6BF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9C21B2DA-2DAE-4CC0-B2F3-9EA2C29BA50E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9DE6220F-5517-463A-975A-2EA1600593FB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A2CEABD7-9B93-4230-87C8-BBB3FF408FDC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A4359769-E110-46C1-A803-44DDB5228CE8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {B27B755F-7835-49E3-9341-19AEB625E8B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CB028534-29D7-4E9D-8D67-75883F15465A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA9F00C1-38A0-4C7B-847D-C6244F9E1BB0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E40E6D8D-5CC8-4936-BEC4-E7DDAD57C396} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E4912B61-BA2D-41AE-A254-4875BF04AF09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2013-09-10 13:38 - 2015-02-04 04:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-04-06 13:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-06 13:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-06 13:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-27 13:41 - 1998-10-31 10:55 - 00005120 _____ () C:\Program Files\EXPERTool\TBManage.dll
2015-04-06 13:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-06 13:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-03 20:53 - 2015-03-30 23:07 - 01174856 _____ () c:\Program Files\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 20:53 - 2015-03-30 23:07 - 00080200 _____ () c:\Program Files\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 20:53 - 2015-03-30 23:07 - 09279304 _____ () c:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 20:53 - 2015-03-30 23:07 - 14974280 _____ () c:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\PE_F_DOM\Control Panel\Desktop\\Wallpaper -> F:\Users\Dom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-402423875-3588787103-3882004954-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-402423875-3588787103-3882004954-500 - Administrator - Disabled)
dom (S-1-5-21-402423875-3588787103-3882004954-1000 - Administrator - Enabled) => C:\Users\dom
Gast (S-1-5-21-402423875-3588787103-3882004954-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-402423875-3588787103-3882004954-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2015 03:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDTools.exe, Version 2.4.40.157 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b84
Startzeit: 01d0706c77685589
Endzeit: 19
Anwendungspfad: C:\Program Files\Spybot - Search & Destroy 2\SDTools.exe
Berichts-ID: c93bcfbb-dc5f-11e4-bd0a-00306757e7db
System errors:
=============
Error: (04/06/2015 03:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (04/06/2015 03:25:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (04/06/2015 03:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (04/06/2015 03:25:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (04/06/2015 03:25:56 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (04/06/2015 03:25:56 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (04/06/2015 03:25:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (04/06/2015 03:25:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (04/06/2015 03:25:52 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (04/06/2015 03:25:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Microsoft Office Sessions:
=========================
Error: (04/06/2015 03:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDTools.exe2.4.40.157b8401d0706c7768558919C:\Program Files\Spybot - Search & Destroy 2\SDTools.exec93bcfbb-dc5f-11e4-bd0a-00306757e7db
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz
Percentage of memory in use: 51%
Total physical RAM: 3071.3 MB
Available physical RAM: 1492.94 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4249.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.58 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:64.01 GB) (Free:22.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:356.68 GB) (Free:62.67 GB) NTFS
Drive e: () (Fixed) (Total:233.53 GB) (Free:46.1 GB) NTFS
Drive f: () (Fixed) (Total:45.07 GB) (Free:3.21 GB) NTFS
Drive g: () (Fixed) (Total:232.22 GB) (Free:22.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EF11EF11)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=356.7 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=45.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: C3EB0719)
Partition 2: (Active) - (Size=465.8 GB) - (Type=05)
==================== End Of Log ============================
|
|
06.04.2015, 18:15
| #4 |
| /// the machine /// TB-Ausbilder | Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.04.2015, 12:06
| #5 |
| | Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt Hey, danke erst einmal für die Hilfe bis jetzt. Combofix läuft jetzt schon etwas über eine Stunde und macht nicht den Eindruck bald fertig zu werden. Ist das normal oder habe ich hier ein Problem? |
|
07.04.2015, 17:46
| #6 |
| /// the machine /// TB-Ausbilder | Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt Kommt drauf an. Wo genau steht er? AV Programm ist aus? Wenn es immer noch läuft dann bitte beenden und Rechner neu starten. Frisches FRST log bitte.
__________________ --> Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt |
|
| Themen zu Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt |
| browser, computer, dll, einstellungen, entfernen, escan, explorer, explorer.exe, fehler, file, firefox, flash player, google, helper.exe, infizierte, installation, internet explorer, log, microsoft, problem, programme, registry key, s3.amazonaws.com, scan, server, tan, wallpaper, window 7, windows |
Linear-Darstellung
