Cerebro
Posted April 9, 2014

Hello, yesterday I picked up some annoying malware. It started with new tabs in Google Chrome always opening Yahoo search. On closer inspection I saw that the originating URL was actually feedhelpbar.com.... or something similar. I have done a bit of research but unfortunately got nowhere, and for now I would prefer not to have to reinstall the OS.

Here is the log from adwcleaner:

# AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 17:59:08
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Cerebro - BAT-CAVE
# Gestartet von : C:\Users\Cerebro\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18378 octets] - [08/04/2014 19:19:49]
AdwCleaner[R10].txt - [1647 octets] - [09/04/2014 17:57:46]
AdwCleaner[R1].txt - [1050 octets] - [08/04/2014 19:22:37]
AdwCleaner[R2].txt - [1171 octets] - [08/04/2014 19:33:09]
AdwCleaner[R3].txt - [1291 octets] - [08/04/2014 19:36:13]
AdwCleaner[R4].txt - [1272 octets] - [08/04/2014 19:45:52]
AdwCleaner[R5].txt - [1217 octets] - [08/04/2014 19:47:19]
AdwCleaner[R6].txt - [1406 octets] - [08/04/2014 19:49:50]
AdwCleaner[R7].txt - [1337 octets] - [08/04/2014 19:51:54]
AdwCleaner[R8].txt - [1526 octets] - [08/04/2014 19:53:07]
AdwCleaner[R9].txt - [1586 octets] - [09/04/2014 17:44:26]
AdwCleaner[s0].txt - [16211 octets] - [08/04/2014 19:20:50]
AdwCleaner[s1].txt - [1112 octets] - [08/04/2014 19:24:06]
AdwCleaner[s2].txt - [1233 octets] - [08/04/2014 19:33:47]
AdwCleaner[s3].txt - [1340 octets] - [08/04/2014 19:44:26]
AdwCleaner[s4].txt - [1568 octets] - [09/04/2014 17:59:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1628 octets] ##########

After the cleaner had deleted and restarted the PC, I ran FRST. Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
(ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Cerebro (administrator) on BAT-CAVE on 09-04-2014 18:00:42
Running from C:\Users\Cerebro\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(LogMeIn Inc.) F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) F:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Dropbox, Inc.) C:\Users\Cerebro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
( ) F:\Programme\Miranda\miranda64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation)
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [Fatal1tySTU] - [X]
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [zASRockInstantBoot] - [X]
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [THPanel] - C:\Program Files (x86)\Thunder Master\THPanel.exe [2049904 2012-11-26] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [steam] - F:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [DAEMON Tools Lite] - F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [DisplayFusion] - F:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {2bbd67ec-fa07-11e2-afb0-bc5ff42be9fa} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {2bbd67f6-fa07-11e2-afb0-bc5ff42be9fa} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {2f5ce13c-51ee-11e3-b01c-806e6f6e6963} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {b3e7a732-a243-11e2-91c0-806e6f6e6963} - D:\Setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cerebro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Haushaltsbuch - Verknüpfung.lnk
ShortcutTarget: Haushaltsbuch - Verknüpfung.lnk -> C:\Users\Cerebro\Haushaltsbuch.xlsm ()
Startup: C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda64 - Verknüpfung.lnk
ShortcutTarget: miranda64 - Verknüpfung.lnk -> F:\Programme\Miranda\miranda64.exe ( )

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28B528369937CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.60.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (YouTube) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Adblock Plus) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-08]
CHR Extension: (Google-Suche) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Foxtab Speed Dial) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoecifcadmambfikillppkoafmgachp [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Google Mail) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DisplayFusionService; F:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
R2 Hamachi2Svc; F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S4 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-13] ()
R2 SkypeUpdate; F:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
R2 TeamViewer8; F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)
S3 DAUpdaterSvc; F:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-25] (DT Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-04-10] ()
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 17:58 - 2014-04-09 17:58 - 00044321 _____ () C:\Users\Cerebro\Desktop\Addition.txt
2014-04-09 17:58 - 2014-04-09 17:58 - 00037590 _____ () C:\Users\Cerebro\Desktop\FRST.txt
2014-04-09 17:58 - 2014-04-09 17:58 - 00000412 _____ () C:\Users\Cerebro\Desktop\emsisoft.txt
2014-04-09 17:51 - 2014-04-09 17:52 - 00044321 _____ () C:\Users\Cerebro\Downloads\Addition.txt
2014-04-09 17:50 - 2014-04-09 18:00 - 00015904 _____ () C:\Users\Cerebro\Downloads\FRST.txt
2014-04-09 17:50 - 2014-04-09 18:00 - 00000000 ____D () C:\FRST
2014-04-09 17:50 - 2014-04-09 17:50 - 02157056 _____ (Farbar) C:\Users\Cerebro\Downloads\FRST64.exe
2014-04-09 17:42 - 2014-04-09 17:42 - 00000000 ____D () C:\Windows\pss
2014-04-08 19:52 - 2014-04-09 17:59 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 19:52 - 2014-04-08 21:02 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 19:52 - 2014-04-08 19:57 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-08 19:52 - 2014-04-08 19:57 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-08 19:52 - 2014-04-08 19:52 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Google
2014-04-08 19:19 - 2014-04-09 17:59 - 00000000 ____D () C:\AdwCleaner
2014-04-08 19:19 - 2014-04-08 19:19 - 01426178 _____ () C:\Users\Cerebro\Desktop\adwcleaner.exe
2014-04-08 19:03 - 2014-04-08 19:03 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-04-08 19:01 - 2014-04-08 19:03 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Foxit Software
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Tracker Software
2014-04-08 18:51 - 2014-04-08 18:51 - 14268955 _____ () C:\Users\Cerebro\Desktop\PDFX5SA_LE.zip
2014-04-05 16:19 - 2014-04-05 16:19 - 00001086 _____ () C:\Users\Public\Desktop\Southpark Stick of Truth.lnk
2014-04-05 16:13 - 2014-04-05 16:18 - 00000000 ____D () C:\Users\Cerebro\Desktop\Southpark Stick of Truth
2014-03-27 23:55 - 2014-03-27 23:55 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\DropboxMaster
2014-03-24 21:31 - 2014-03-24 21:35 - 00000000 ____D () C:\Users\Cerebro\Desktop\sao
2014-03-24 20:33 - 2014-03-25 01:13 - 00000000 ____D () C:\Users\Cerebro\Desktop\avi
2014-03-24 20:31 - 2014-03-24 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-24 20:20 - 2014-03-24 20:20 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\AnyMP4 Studio
2014-03-21 19:32 - 2014-03-21 19:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-21 19:31 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-21 19:30 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-21 19:30 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-21 19:30 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-21 19:30 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-21 19:30 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-21 19:04 - 2013-12-27 20:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 19:04 - 2013-12-27 20:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-16 20:25 - 2014-03-16 20:25 - 00001277 _____ () C:\Users\Cerebro\AppData\Local\recently-used.xbel
2014-03-15 01:08 - 2014-03-15 01:08 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Skype
2014-03-13 18:39 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 18:39 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 18:39 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 18:39 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 18:39 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 18:39 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 18:39 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 18:39 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 18:39 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 18:39 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 18:39 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 18:39 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 18:39 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 18:39 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 18:39 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 18:39 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 18:39 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 18:39 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 18:39 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 18:39 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 18:39 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 18:39 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 18:39 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 18:39 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 18:39 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 18:39 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 18:39 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 18:39 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 18:39 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 18:39 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 18:39 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 18:39 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 18:39 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 18:39 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 18:39 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 18:39 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 18:39 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 18:39 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 18:39 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 18:39 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 18:39 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 18:39 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 18:39 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 18:39 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 18:37 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 18:37 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 18:37 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 18:37 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 18:00 - 2014-04-09 17:50 - 00015904 _____ () C:\Users\Cerebro\Downloads\FRST.txt
2014-04-09 18:00 - 2014-04-09 17:50 - 00000000 ____D () C:\FRST
2014-04-09 18:00 - 2013-04-18 17:27 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Dropbox
2014-04-09 18:00 - 2013-04-10 20:55 - 00000000 ____D () C:\Users\Cerebro
2014-04-09 18:00 - 2009-07-14 06:51 - 00123456 _____ () C:\Windows\setupact.log
2014-04-09 17:59 - 2014-04-08 19:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 17:59 - 2014-04-08 19:19 - 00000000 ____D () C:\AdwCleaner
2014-04-09 17:59 - 2013-04-10 21:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 17:59 - 2013-04-10 21:05 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-09 17:59 - 2013-04-10 20:55 - 02021798 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 17:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 17:58 - 2014-04-09 17:58 - 00044321 _____ () C:\Users\Cerebro\Desktop\Addition.txt
2014-04-09 17:58 - 2014-04-09 17:58 - 00037590 _____ () C:\Users\Cerebro\Desktop\FRST.txt
2014-04-09 17:58 - 2014-04-09 17:58 - 00000412 _____ () C:\Users\Cerebro\Desktop\emsisoft.txt
2014-04-09 17:52 - 2014-04-09 17:51 - 00044321 _____ () C:\Users\Cerebro\Downloads\Addition.txt
2014-04-09 17:50 - 2014-04-09 17:50 - 02157056 _____ (Farbar) C:\Users\Cerebro\Downloads\FRST64.exe
2014-04-09 17:50 - 2009-07-14 06:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 17:50 - 2009-07-14 06:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 17:49 - 2009-07-14 19:58 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2014-04-09 17:49 - 2009-07-14 19:58 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2014-04-09 17:49 - 2009-07-14 07:13 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 17:42 - 2014-04-09 17:42 - 00000000 ____D () C:\Windows\pss
2014-04-09 17:42 - 2013-04-10 20:55 - 00000000 ___RD () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 17:39 - 2012-09-11 18:53 - 00742957 _____ () C:\Users\Cerebro\Haushaltsbuch.xlsm
2014-04-08 21:25 - 2013-04-12 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 21:02 - 2014-04-08 19:52 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 20:12 - 2013-04-10 21:09 - 00866586 _____ () C:\Windows\PFRO.log
2014-04-08 19:57 - 2014-04-08 19:52 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-08 19:57 - 2014-04-08 19:52 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-08 19:52 - 2014-04-08 19:52 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Google
2014-04-08 19:52 - 2013-04-10 21:26 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Deployment
2014-04-08 19:52 - 2013-04-10 21:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-08 19:19 - 2014-04-08 19:19 - 01426178 _____ () C:\Users\Cerebro\Desktop\adwcleaner.exe
2014-04-08 19:03 - 2014-04-08 19:03 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-04-08 19:03 - 2014-04-08 19:01 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Foxit Software
2014-04-08 18:59 - 2014-02-16 12:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Tracker Software
2014-04-08 18:51 - 2014-04-08 18:51 - 14268955 _____ () C:\Users\Cerebro\Desktop\PDFX5SA_LE.zip
2014-04-07 21:12 - 2013-04-12 18:13 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Skype
2014-04-06 21:45 - 2013-04-12 19:49 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\vlc
2014-04-06 17:58 - 2014-03-01 14:46 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Battle.net
2014-04-06 11:11 - 2013-04-10 21:05 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-05 16:22 - 2013-06-04 19:59 - 00000000 ____D () C:\ProgramData\Steam
2014-04-05 16:19 - 2014-04-05 16:19 - 00001086 _____ () C:\Users\Public\Desktop\Southpark Stick of Truth.lnk
2014-04-05 16:18 - 2014-04-05 16:13 - 00000000 ____D () C:\Users\Cerebro\Desktop\Southpark Stick of Truth
2014-04-02 20:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 19:48 - 2013-04-10 21:18 - 00490050 _____ () C:\Windows\DirectX.log
2014-04-01 19:02 - 2013-10-12 18:08 - 00000000 ____D () C:\Users\Cerebro\Merci
2014-03-27 23:55 - 2014-03-27 23:55 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\DropboxMaster
2014-03-27 23:55 - 2013-04-18 17:27 
- 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-03-25 01:13 - 2014-03-24 20:33 - 00000000 ____D () C:\Users\Cerebro\Desktop\avi 2014-03-24 21:35 - 2014-03-24 21:31 - 00000000 ____D () C:\Users\Cerebro\Desktop\sao 2014-03-24 20:31 - 2014-03-24 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Freemake 2014-03-24 20:20 - 2014-03-24 20:20 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\AnyMP4 Studio 2014-03-24 18:01 - 2013-09-08 18:27 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\PMB Files 2014-03-21 21:20 - 2014-01-13 18:35 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\DisplayFusion 2014-03-21 19:32 - 2014-03-21 19:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-03-21 19:32 - 2013-04-10 21:19 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-21 19:31 - 2013-04-10 21:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-18 18:52 - 2013-07-20 17:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 18:51 - 2013-04-11 22:40 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-16 20:25 - 2014-03-16 20:25 - 00001277 _____ () C:\Users\Cerebro\AppData\Local\recently-used.xbel 2014-03-16 20:25 - 2013-05-26 18:23 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\gtk-2.0 2014-03-16 20:25 - 2013-05-26 18:16 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\HexChat 2014-03-16 19:12 - 2013-05-29 20:58 - 00000061 _____ () C:\Users\Cerebro\Desktop\Verliehen.txt 2014-03-15 01:08 - 2014-03-15 01:08 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Skype 2014-03-15 01:08 - 2013-04-12 18:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-14 18:25 - 2009-07-14 06:45 - 00357400 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-03-13 23:14 - 2013-05-12 12:36 - 00000039 _____ () C:\Windows\vbaddin.ini 2014-03-13 23:14 - 2013-04-10 21:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-11 21:25 - 2013-04-12 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 21:25 - 2013-04-12 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 21:25 - 2013-04-12 18:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Files to move or delete: ==================== C:\Users\Cerebro\Minecraft.exe Some content of TEMP: ==================== C:\Users\Cerebro\AppData\Local\Temp\AskSLib.dll C:\Users\Cerebro\AppData\Local\Temp\AutoRun.exe C:\Users\Cerebro\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Cerebro\AppData\Local\Temp\avgnt.exe C:\Users\Cerebro\AppData\Local\Temp\CH.dll C:\Users\Cerebro\AppData\Local\Temp\CmdLineExt02.dll C:\Users\Cerebro\AppData\Local\Temp\DeltaTB.exe C:\Users\Cerebro\AppData\Local\Temp\drm_dyndata_7290008.dll C:\Users\Cerebro\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Cerebro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplgnwdt.dll C:\Users\Cerebro\AppData\Local\Temp\Foxit Updater.exe C:\Users\Cerebro\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.14.exe C:\Users\Cerebro\AppData\Local\Temp\IminentSetup.exe C:\Users\Cerebro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Cerebro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Cerebro\AppData\Local\Temp\LF2_v20a_Setup.exe C:\Users\Cerebro\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Cerebro\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Cerebro\AppData\Local\Temp\nvStInst.exe C:\Users\Cerebro\AppData\Local\Temp\ose00000.exe C:\Users\Cerebro\AppData\Local\Temp\Quarantine.exe C:\Users\Cerebro\AppData\Local\Temp\sfamcc00001.dll C:\Users\Cerebro\AppData\Local\Temp\sfextra.dll 
C:\Users\Cerebro\AppData\Local\Temp\SIntf16.dll C:\Users\Cerebro\AppData\Local\Temp\SIntf32.dll C:\Users\Cerebro\AppData\Local\Temp\SIntfNT.dll C:\Users\Cerebro\AppData\Local\Temp\SkypeSetup.exe C:\Users\Cerebro\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Cerebro\AppData\Local\Temp\war3_Install.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-31 21:44 ==================== End Of Log ============================

I hope this information is already meaningful enough. Thank you very much!
schrauber 30 Posted April 9, 2014

Hi, and welcome to the Emsisoft Support Forum! The log looks good at first glance. Have the problems persisted since you ran AdwCleaner?
Cerebro 0 Posted April 9, 2014 Author

Honestly, no, but AdwCleaner shows the following under Chrome: C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\preferences

Because of that I thought the infection had dug itself in or that something had been left behind.
schrauber 30 Posted April 10, 2014

No, that is only a listing of where Chrome's settings are stored. If anything were wrong, there would have to be something further below that line, and those would then be the adware-relevant entries.
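The reading rule from the reply above, as an added example that is not part of the original thread and not AdwCleaner's own code: a small Python parser that collects whatever lines an AdwCleaner report prints beneath each `[ Datei : ... ]` header, so an empty list means the file was only inspected. The English `File` label, the function names and the finding line in `DIRTY` are assumptions constructed for illustration.

```python
import re

# Header AdwCleaner prints for each browser settings file it inspected.
# "Datei" is the label seen in this thread; "File" is assumed for English reports.
FILE_HEADER = re.compile(r"^\[\s*(?:Datei|File)\s*:\s*(?P<path>.+?)\s*\]$")
# A block ends at the next browser line (-\\ ...) or at a ***** section/trailer line.
BLOCK_END = re.compile(r"^(?:-\\\\|\*{5,})")


def browser_findings(report: str) -> dict[str, list[str]]:
    """Map each inspected settings file to the entry lines listed beneath it."""
    findings: dict[str, list[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        header = FILE_HEADER.match(line)
        if header:
            current = findings.setdefault(header.group("path"), [])
        elif BLOCK_END.match(line):
            current = None
        elif line and current is not None:
            current.append(line)  # anything under the header is a finding
    return findings


def is_clean(report: str) -> bool:
    """True when no inspected file has entries listed below its header."""
    return all(not entries for entries in browser_findings(report).values())


# Constructed sample input modelled on the report quoted in this thread.
PREFS = r"C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\preferences"
HEAD_LINES = [
    "***** [ Browser ] *****",
    r"-\\ Internet Explorer v11.0.9600.16521",
    r"-\\ Google Chrome v34.0.1847.116",
    f"[ Datei : {PREFS} ]",
]
TRAILER = "*************************"
CLEAN = "\n".join(HEAD_LINES + ["", TRAILER])
# Constructed finding line; the wording of real entries may differ.
ENTRY = "Gefunden [Startup_URLs] : hxxp://adware.example.invalid/"
DIRTY = "\n".join(HEAD_LINES + [ENTRY, "", TRAILER])

if __name__ == "__main__":
    print("clean report:", browser_findings(CLEAN))
    print("dirty report:", browser_findings(DIRTY))
```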
Cerebro 0 Posted April 10, 2014 Author

All right! Thank you very much! Great forum! This can be closed then.
schrauber 30 Posted April 10, 2014

You're welcome.
schrauber 30 Posted June 19, 2014

This topic appears to be resolved and will be closed. If you need the topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.