Step 1: Code:
# AdwCleaner v3.023 - Bericht erstellt am 17/04/2014 um 20:01:09
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner3023.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Mysearchdial
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mysearchdial
Datei Gelöscht : C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\PIP
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cdqqwrnj.default-1397584252939\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7589 octets] - [17/04/2014 19:56:23]
AdwCleaner[R1].txt - [7653 octets] - [17/04/2014 19:59:53]
AdwCleaner[S0].txt - [6110 octets] - [17/04/2014 20:01:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6170 octets] ##########

Step 2: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 17.04.2014
Suchlauf-Zeit: 20:13:50
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.16.11
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255251
Verstrichene Zeit: 6 Min, 14 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 28
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [8d73d52b11ef9a669d601a30e61cd62a],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 1
PUP.Optional.MySearchDial.A, C:\Users\Admin\AppData\Local\Temp\is960482\mysearchdial.dll, In Quarantäne, [35cbba46e51b28d8970c133abb461de3],
Physische Sektoren: 0
(No malicious items detected)
(end)

Step 3: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0bb3911275f748419e4f1b77c2bdc915
# engine=17931
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 08:55:58
# local_time=2014-04-17 10:55:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 23969780 149398008 0 0
# scanned=182871
# found=2
# cleaned=0
# scan_time=9377
sh=85DE30A840863B1BB41C2AAF3AAC582B7F7D29A0 ft=1 fh=57ff08534485c859 vn="a variant of Win32/Injected.F trojan" ac=I fn="C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAQUIKB3\JDownloader2Setup[1].exe"
sh=9194488E0A7B7695404F8114F2AABFF575DC5BA0 ft=1 fh=d820a17f004da2d9 vn="Java/HackTool.DoSer.A trojan" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1767514419-3953065580-1800698557-1000\$RTTU7BO.exe"

So JDownloader probably because it had this SearchDial toolbar, but I don't know what the 2nd one is.

Step 4:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Admin (administrator) on ADMIN-PC on 18-04-2014 09:40:40
Running from C:\Users\Admin\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => E:\Programme\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1767514419-3953065580-1800698557-1000\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2048368 2012-07-18] (Gainward Co. Ltd.)
HKU\S-1-5-21-1767514419-3953065580-1800698557-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-29] (Spotify Ltd)
HKU\S-1-5-21-1767514419-3953065580-1800698557-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Admin\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=fb0da7adf9c747d380c974094527aeeb-cf55fac31bbd92bba46cfa8dbe7c36726a9a1d00 /CMPID=1213b
HKU\S-1-5-21-1767514419-3953065580-1800698557-1000\...\Run: [f.lux] => C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB9710E11D4CCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0F0A0BtCzytBtCzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0B0AyCyE0FtB0FtGtBzytBzztGzztAtBtBtG0AyEyB0EtGyB0AyB0CzztDyB0DtCyDtA0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0FyCyB0EyDtDtG0DyC0FtAtGyDtCzytDtG0DzzyB0DtGyBtC0A0ByCtDtD0EtC0C0BtC2Q&cr=692882167&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0F0A0BtCzytBtCzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0B0AyCyE0FtB0FtGtBzytBzztGzztAtBtBtG0AyEyB0EtGyB0AyB0CzztDyB0DtCyDtA0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0FyCyB0EyDtDtG0DyC0FtAtGyDtCzytDtG0DzzyB0DtGyBtC0A0ByCtDtD0EtC0C0BtC2Q&cr=692882167&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0F0A0BtCzytBtCzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0B0AyCyE0FtB0FtGtBzytBzztGzztAtBtBtG0AyEyB0EtGyB0AyB0CzztDyB0DtCyDtA0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0FyCyB0EyDtDtG0DyC0FtAtGyDtCzytDtG0DzzyB0DtGyBtC0A0ByCtDtD0EtC0C0BtC2Q&cr=692882167&ir=
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cdqqwrnj.default-1397584252939
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - E:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cdqqwrnj.default-1397584252939\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-15]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cdqqwrnj.default-1397584252939\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15]
Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR RestoreOnStartup: "sync": {
"suppress_start"
CHR StartupUrls: "hxxp://www.google.ch/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-30]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]
==================== Services (Whitelisted) =================
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\Programme\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-31] ()
S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
==================== Drivers (Whitelisted) ====================
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 ISODrive; E:\Programme\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-03-14] (Realtek Semiconductor Corporation )
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-18 09:40 - 2014-04-18 09:40 - 00017751 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-18 09:40 - 2014-04-18 09:40 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-04-17 22:56 - 2014-04-17 22:56 - 00000262 _____ () C:\Users\Admin\Desktop\esetonlinescanner.txt
2014-04-17 20:18 - 2014-04-17 20:18 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-04-17 20:18 - 2014-04-17 20:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-17 20:17 - 2014-04-17 20:17 - 00005706 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-04-17 20:06 - 2014-04-17 20:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 20:05 - 2014-04-17 20:05 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 20:05 - 2014-04-17 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 20:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 20:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 20:05 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 19:55 - 2014-04-17 20:01 - 00000000 ____D () C:\AdwCleaner
2014-04-16 17:55 - 2014-04-16 17:55 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 17:55 - 2014-03-17 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 17:55 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 17:55 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 17:55 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-15 20:41 - 2014-04-18 09:40 - 02158592 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-04-15 20:41 - 2014-04-18 09:40 - 00000000 ____D () C:\FRST
2014-04-15 19:50 - 2014-04-15 19:50 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten
2014-04-10 16:37 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 16:37 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 16:37 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 16:37 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 16:37 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 16:37 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 16:37 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 16:37 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 16:37 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 16:37 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 16:37 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 16:37 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 16:37 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 16:37 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 16:37 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 16:37 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 16:37 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 16:37 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 16:37 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 16:37 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 16:37 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 20:01 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-07 20:01 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-24 20:43 - 2014-04-16 22:36 - 00005124 _____ () C:\Users\Admin\Desktop\dokuwiki backup.txt
2014-03-23 12:27 - 2014-04-07 20:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2014-03-23 12:27 - 2014-03-23 12:27 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-23 12:27 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-23 12:27 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-03-23 12:27 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-23 12:27 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-03-23 12:27 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-23 12:27 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-03-23 12:26 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-23 12:25 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-23 12:25 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-23 12:25 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-23 12:25 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-23 12:25 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-23 11:23 - 2014-03-23 11:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\IW4M
2014-03-23 11:22 - 2014-03-23 11:22 - 00002679 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 11:22 - 2014-03-23 11:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype
2014-03-22 18:10 - 2014-03-22 18:10 - 00000939 _____ () C:\Users\Admin\Desktop\Open Broadcaster Software.lnk
2014-03-22 18:10 - 2014-03-22 18:10 - 00000754 _____ () C:\Users\Admin\Desktop\launcher - Verknüpfung.lnk
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OBS
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Program Files\OBS
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-03-21 14:15 - 2014-03-22 18:47 - 00080847 _____ () C:\Users\Admin\Documents\YOU KILLED JFK!.HTM
2014-03-21 14:15 - 2014-03-22 18:47 - 00043272 _____ () C:\Users\Admin\Documents\YOU KILLED JFK!.TXT
2014-03-21 14:03 - 2014-03-21 14:03 - 00000497 _____ () C:\Users\Admin\Desktop\JFK Reloaded.lnk
2014-03-21 14:03 - 2014-03-21 14:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JFK Reloaded
2014-03-20 21:58 - 2014-03-20 21:58 - 00000000 ____D () C:\Users\Admin\Documents\Banished
2014-03-20 21:55 - 2014-03-20 21:55 - 00000656 _____ () C:\Users\Public\Desktop\Banished 32bit.lnk
2014-03-20 21:55 - 2014-03-20 21:55 - 00000644 _____ () C:\Users\Public\Desktop\Banished 64bit.lnk
2014-03-19 20:07 - 2014-03-19 20:07 - 00000180 _____ () C:\Users\Admin\Desktop\Free to Play.url
==================== One Month Modified Files and Folders =======
2014-04-18 09:40 - 2014-04-18 09:40 - 00017751 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-18 09:40 - 2014-04-18 09:40 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-04-18 09:40 - 2014-04-15 20:41 - 02158592 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-04-18 09:40 - 2014-04-15 20:41 - 00000000 ____D () C:\FRST
2014-04-18 09:40 - 2010-11-21 08:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 09:40 - 2010-11-21 08:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 09:40 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 09:39 - 2013-05-28 19:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 09:34 - 2013-05-28 20:05 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 09:34 - 2013-05-28 19:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 09:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 09:34 - 2009-07-14 06:51 - 00099951 _____ () C:\Windows\setupact.log
2014-04-17 23:05 - 2013-05-28 18:41 - 02063201 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 22:56 - 2014-04-17 22:56 - 00000262 _____ () C:\Users\Admin\Desktop\esetonlinescanner.txt
2014-04-17 22:55 - 2013-07-25 16:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-04-17 22:49 - 2013-07-16 21:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 22:42 - 2013-05-28 20:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 21:25 - 2013-06-09 21:31 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9CCBB9C-FE82-41D5-ABDE-A392C42ACBA1}
2014-04-17 20:22 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 20:22 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 20:18 - 2014-04-17 20:18 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-04-17 20:18 - 2014-04-17 20:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-17 20:17 - 2014-04-17 20:17 - 00005706 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-04-17 20:16 - 2014-04-17 20:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 20:15 - 2010-11-21 05:47 - 00030020 _____ () C:\Windows\PFRO.log
2014-04-17 20:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web
2014-04-17 20:05 - 2014-04-17 20:05 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 20:05 - 2014-04-17 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 20:01 - 2014-04-17 19:55 - 00000000 ____D () C:\AdwCleaner
2014-04-16 22:36 - 2014-03-24 20:43 - 00005124 _____ () C:\Users\Admin\Desktop\dokuwiki backup.txt
2014-04-16 17:55 - 2014-04-16 17:55 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 17:55 - 2013-10-22 19:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 17:55 - 2013-07-15 20:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 17:35 - 2013-06-14 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-16 17:34 - 2013-07-16 21:41 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-16 17:34 - 2013-07-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 17:34 - 2013-07-16 21:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-15 19:50 - 2014-04-15 19:50 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten
2014-04-15 18:03 - 2013-09-03 17:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Eclipse
2014-04-14 16:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-12 13:02 - 2013-06-17 00:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-04-11 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 22:51 - 2014-03-10 17:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 22:51 - 2013-07-25 00:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 22:50 - 2013-05-29 19:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 21:43 - 2013-05-28 20:06 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-07 20:01 - 2014-03-23 12:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2014-04-07 20:01 - 2013-05-28 19:24 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-07 20:01 - 2013-05-28 19:24 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-05 12:36 - 2013-12-12 20:49 - 00008987 _____ () C:\Users\Admin\Desktop\ToDo.txt
2014-04-04 18:11 - 2014-03-11 18:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WindSolutions
2014-04-04 18:10 - 2014-03-11 18:03 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-04-03 20:55 - 2013-07-15 21:09 - 00000000 ____D () C:\Users\Admin\.android
2014-04-03 09:51 - 2014-04-17 20:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-17 20:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-17 20:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 15:27 - 2013-10-29 17:56 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 15:27 - 2013-10-29 17:56 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-31 17:11 - 2014-03-14 14:11 - 00000090 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2014-03-31 17:08 - 2013-11-22 18:17 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-31 03:16 - 2014-04-10 16:37 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 16:37 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 10:37 - 2013-05-28 20:05 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 10:37 - 2013-05-28 20:05 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 21:46 - 2013-06-02 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-03-26 19:53 - 2014-02-16 11:50 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-23 14:21 - 2013-09-11 13:22 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2014-03-23 12:28 - 2013-10-29 17:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2014-03-23 12:27 - 2014-03-23 12:27 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-23 12:27 - 2013-10-29 17:54 - 00001351 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-23 12:27 - 2013-05-28 19:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-23 11:23 - 2014-03-23 11:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\IW4M
2014-03-23 11:22 - 2014-03-23 11:22 - 00002679 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 11:22 - 2014-03-23 11:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype
2014-03-23 11:22 - 2013-07-25 16:01 - 00000000 ____D () C:\ProgramData\Skype
2014-03-22 18:47 - 2014-03-21 14:15 - 00080847 _____ () C:\Users\Admin\Documents\YOU KILLED JFK!.HTM
2014-03-22 18:47 - 2014-03-21 14:15 - 00043272 _____ () C:\Users\Admin\Documents\YOU KILLED JFK!.TXT
2014-03-22 18:10 - 2014-03-22 18:10 - 00000939 _____ () C:\Users\Admin\Desktop\Open Broadcaster Software.lnk
2014-03-22 18:10 - 2014-03-22 18:10 - 00000754 _____ () C:\Users\Admin\Desktop\launcher - Verknüpfung.lnk
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OBS
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Program Files\OBS
2014-03-22 18:10 - 2014-03-22 18:10 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-03-21 21:43 - 2014-04-07 20:01 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 21:43 - 2014-04-07 20:01 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 21:43 - 2013-10-29 17:52 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-21 14:03 - 2014-03-21 14:03 - 00000497 _____ () C:\Users\Admin\Desktop\JFK Reloaded.lnk
2014-03-21 14:03 - 2014-03-21 14:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JFK Reloaded
2014-03-20 21:58 - 2014-03-20 21:58 - 00000000 ____D () C:\Users\Admin\Documents\Banished
2014-03-20 21:55 - 2014-03-20 21:55 - 00000656 _____ () C:\Users\Public\Desktop\Banished 32bit.lnk
2014-03-20 21:55 - 2014-03-20 21:55 - 00000644 _____ () C:\Users\Public\Desktop\Banished 64bit.lnk
2014-03-19 20:46 - 2014-02-04 22:34 - 00002348 _____ () C:\Users\Admin\Desktop\acb2.txt
2014-03-19 20:07 - 2014-03-19 20:07 - 00000180 _____ () C:\Users\Admin\Desktop\Free to Play.url
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\BTSync.exe
C:\Users\Admin\AppData\Local\Temp\CMInstaller.exe
C:\Users\Admin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\proxy_vole5032720378922950598.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Admin\AppData\Local\Temp\_isBC9F.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 19:33
==================== End Of Log ============================
By the way, I didn't get an Addition.txt on the desktop?