Feed Helpbar Infektion

Cerebro · April 9, 2014

Hallo,

habe mir gestern eine lästige Schadssoftware eingefangen.

Begann damit, das neue Tabs in Google Chrome immer die Yahoo Suche geöffnet hatten. Bei genaurem hinsehen habe ich gesehen, dass die Ursprungs URL allerdings feedhelpbar.com.... oder so ähnlich war.

Habe nun ein wenig recherchiert komme leider so auf kein Ergebnis und würde es aktuell bevorzugen, dass OS nicht neu aufsetzen zu müssen.

Hier einmal das Log von adwcleaner:

# AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 17:59:08

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : Cerebro - BAT-CAVE

# Gestartet von : C:\Users\Cerebro\Desktop\adwcleaner.exe

# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18378 octets] - [08/04/2014 19:19:49]

AdwCleaner[R10].txt - [1647 octets] - [09/04/2014 17:57:46]

AdwCleaner[R1].txt - [1050 octets] - [08/04/2014 19:22:37]

AdwCleaner[R2].txt - [1171 octets] - [08/04/2014 19:33:09]

AdwCleaner[R3].txt - [1291 octets] - [08/04/2014 19:36:13]

AdwCleaner[R4].txt - [1272 octets] - [08/04/2014 19:45:52]

AdwCleaner[R5].txt - [1217 octets] - [08/04/2014 19:47:19]

AdwCleaner[R6].txt - [1406 octets] - [08/04/2014 19:49:50]

AdwCleaner[R7].txt - [1337 octets] - [08/04/2014 19:51:54]

AdwCleaner[R8].txt - [1526 octets] - [08/04/2014 19:53:07]

AdwCleaner[R9].txt - [1586 octets] - [09/04/2014 17:44:26]

AdwCleaner[s0].txt - [16211 octets] - [08/04/2014 19:20:50]

AdwCleaner[s1].txt - [1112 octets] - [08/04/2014 19:24:06]

AdwCleaner[s2].txt - [1233 octets] - [08/04/2014 19:33:47]

AdwCleaner[s3].txt - [1340 octets] - [08/04/2014 19:44:26]

AdwCleaner[s4].txt - [1568 octets] - [09/04/2014 17:59:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1628 octets] ##########

Nachdem der cleaner dann gelöscht und den PC neugestartet hat, habe ich FIRST durchlaufen lassen.

Hier der Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)

Ran by Cerebro (administrator) on BAT-CAVE on 09-04-2014 18:00:42

Running from C:\Users\Cerebro\Downloads

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe

(LogMeIn Inc.) F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Skype Technologies) F:\Program Files (x86)\Skype\Updater\Updater.exe

(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe

(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe

(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusion.exe

(Dropbox, Inc.) C:\Users\Cerebro\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

( ) F:\Programme\Miranda\miranda64.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe

(Binary Fortress Software) F:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)

HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)

HKLM-x32\...\Run: [] - [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation)

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [Fatal1tySTU] - [X]

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [zASRockInstantBoot] - [X]

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [THPanel] - C:\Program Files (x86)\Thunder Master\THPanel.exe [2049904 2012-11-26] (Palit Microsystems Ltd.)

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [steam] - F:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [DAEMON Tools Lite] - F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\Run: [DisplayFusion] - F:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {2bbd67ec-fa07-11e2-afb0-bc5ff42be9fa} - H:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {2bbd67f6-fa07-11e2-afb0-bc5ff42be9fa} - H:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {2f5ce13c-51ee-11e3-b01c-806e6f6e6963} - H:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2523724513-2655246669-291406613-1000\...\MountPoints2: {b3e7a732-a243-11e2-91c0-806e6f6e6963} - D:\Setup.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)

Startup: C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Cerebro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Haushaltsbuch - Verknüpfung.lnk

ShortcutTarget: Haushaltsbuch - Verknüpfung.lnk -> C:\Users\Cerebro\Haushaltsbuch.xlsm ()

Startup: C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda64 - Verknüpfung.lnk

ShortcutTarget: miranda64 - Verknüpfung.lnk -> F:\Programme\Miranda\miranda64.exe ( )

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28B528369937CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.60.1

Chrome:

=======

CHR Extension: (Google Docs) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]

CHR Extension: (Google Drive) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]

CHR Extension: (YouTube) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]

CHR Extension: (Adblock Plus) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-08]

CHR Extension: (Google-Suche) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]

CHR Extension: (Foxtab Speed Dial) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoecifcadmambfikillppkoafmgachp [2014-04-08]

CHR Extension: (Google Wallet) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]

CHR Extension: (Google Mail) - C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 DisplayFusionService; F:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)

R2 Hamachi2Svc; F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)

S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()

S4 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-13] ()

R2 SkypeUpdate; F:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)

R2 TeamViewer8; F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)

S3 DAUpdaterSvc; F:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)

S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-25] (DT Soft Ltd)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()

S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-04-10] ()

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 17:58 - 2014-04-09 17:58 - 00044321 _____ () C:\Users\Cerebro\Desktop\Addition.txt

2014-04-09 17:58 - 2014-04-09 17:58 - 00037590 _____ () C:\Users\Cerebro\Desktop\FRST.txt

2014-04-09 17:58 - 2014-04-09 17:58 - 00000412 _____ () C:\Users\Cerebro\Desktop\emsisoft.txt

2014-04-09 17:51 - 2014-04-09 17:52 - 00044321 _____ () C:\Users\Cerebro\Downloads\Addition.txt

2014-04-09 17:50 - 2014-04-09 18:00 - 00015904 _____ () C:\Users\Cerebro\Downloads\FRST.txt

2014-04-09 17:50 - 2014-04-09 18:00 - 00000000 ____D () C:\FRST

2014-04-09 17:50 - 2014-04-09 17:50 - 02157056 _____ (Farbar) C:\Users\Cerebro\Downloads\FRST64.exe

2014-04-09 17:42 - 2014-04-09 17:42 - 00000000 ____D () C:\Windows\pss

2014-04-08 19:52 - 2014-04-09 17:59 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-08 19:52 - 2014-04-08 21:02 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-08 19:52 - 2014-04-08 19:57 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-04-08 19:52 - 2014-04-08 19:57 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-08 19:52 - 2014-04-08 19:52 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Google

2014-04-08 19:19 - 2014-04-09 17:59 - 00000000 ____D () C:\AdwCleaner

2014-04-08 19:19 - 2014-04-08 19:19 - 01426178 _____ () C:\Users\Cerebro\Desktop\adwcleaner.exe

2014-04-08 19:03 - 2014-04-08 19:03 - 00000000 ____D () C:\Users\Public\Foxit Software

2014-04-08 19:01 - 2014-04-08 19:03 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Foxit Software

2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Tracker Software

2014-04-08 18:51 - 2014-04-08 18:51 - 14268955 _____ () C:\Users\Cerebro\Desktop\PDFX5SA_LE.zip

2014-04-05 16:19 - 2014-04-05 16:19 - 00001086 _____ () C:\Users\Public\Desktop\Southpark Stick of Truth.lnk

2014-04-05 16:13 - 2014-04-05 16:18 - 00000000 ____D () C:\Users\Cerebro\Desktop\Southpark Stick of Truth

2014-03-27 23:55 - 2014-03-27 23:55 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\DropboxMaster

2014-03-24 21:31 - 2014-03-24 21:35 - 00000000 ____D () C:\Users\Cerebro\Desktop\sao

2014-03-24 20:33 - 2014-03-25 01:13 - 00000000 ____D () C:\Users\Cerebro\Desktop\avi

2014-03-24 20:31 - 2014-03-24 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk

2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake

2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Freemake

2014-03-24 20:20 - 2014-03-24 20:20 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\AnyMP4 Studio

2014-03-21 19:32 - 2014-03-21 19:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-03-21 19:31 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-03-21 19:30 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-03-21 19:30 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2014-03-21 19:30 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-03-21 19:30 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2014-03-21 19:30 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2014-03-21 19:04 - 2013-12-27 20:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-03-21 19:04 - 2013-12-27 20:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-03-16 20:25 - 2014-03-16 20:25 - 00001277 _____ () C:\Users\Cerebro\AppData\Local\recently-used.xbel

2014-03-15 01:08 - 2014-03-15 01:08 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Skype

2014-03-13 18:39 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-13 18:39 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-13 18:39 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-13 18:39 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-13 18:39 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-13 18:39 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-13 18:39 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-13 18:39 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-13 18:39 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-13 18:39 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-13 18:39 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-13 18:39 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-13 18:39 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-13 18:39 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-13 18:39 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-13 18:39 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-13 18:39 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-13 18:39 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-13 18:39 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-13 18:39 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-13 18:39 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-13 18:39 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-13 18:39 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-13 18:39 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-13 18:39 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-13 18:39 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-13 18:39 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-13 18:39 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-13 18:39 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-13 18:39 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-13 18:39 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-13 18:39 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-13 18:39 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-13 18:39 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-13 18:39 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-13 18:39 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-13 18:39 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-13 18:39 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-13 18:39 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-13 18:39 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-13 18:39 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-13 18:39 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-13 18:39 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-13 18:39 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-13 18:37 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-13 18:37 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-13 18:37 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-13 18:37 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 18:00 - 2014-04-09 17:50 - 00015904 _____ () C:\Users\Cerebro\Downloads\FRST.txt

2014-04-09 18:00 - 2014-04-09 17:50 - 00000000 ____D () C:\FRST

2014-04-09 18:00 - 2013-04-18 17:27 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Dropbox

2014-04-09 18:00 - 2013-04-10 20:55 - 00000000 ____D () C:\Users\Cerebro

2014-04-09 18:00 - 2009-07-14 06:51 - 00123456 _____ () C:\Windows\setupact.log

2014-04-09 17:59 - 2014-04-08 19:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-09 17:59 - 2014-04-08 19:19 - 00000000 ____D () C:\AdwCleaner

2014-04-09 17:59 - 2013-04-10 21:20 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-09 17:59 - 2013-04-10 21:05 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-04-09 17:59 - 2013-04-10 20:55 - 02021798 _____ () C:\Windows\WindowsUpdate.log

2014-04-09 17:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-09 17:58 - 2014-04-09 17:58 - 00044321 _____ () C:\Users\Cerebro\Desktop\Addition.txt

2014-04-09 17:58 - 2014-04-09 17:58 - 00037590 _____ () C:\Users\Cerebro\Desktop\FRST.txt

2014-04-09 17:58 - 2014-04-09 17:58 - 00000412 _____ () C:\Users\Cerebro\Desktop\emsisoft.txt

2014-04-09 17:52 - 2014-04-09 17:51 - 00044321 _____ () C:\Users\Cerebro\Downloads\Addition.txt

2014-04-09 17:50 - 2014-04-09 17:50 - 02157056 _____ (Farbar) C:\Users\Cerebro\Downloads\FRST64.exe

2014-04-09 17:50 - 2009-07-14 06:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-09 17:50 - 2009-07-14 06:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-09 17:49 - 2009-07-14 19:58 - 00709900 _____ () C:\Windows\system32\perfh007.dat

2014-04-09 17:49 - 2009-07-14 19:58 - 00154336 _____ () C:\Windows\system32\perfc007.dat

2014-04-09 17:49 - 2009-07-14 07:13 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-09 17:42 - 2014-04-09 17:42 - 00000000 ____D () C:\Windows\pss

2014-04-09 17:42 - 2013-04-10 20:55 - 00000000 ___RD () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-09 17:39 - 2012-09-11 18:53 - 00742957 _____ () C:\Users\Cerebro\Haushaltsbuch.xlsm

2014-04-08 21:25 - 2013-04-12 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-08 21:02 - 2014-04-08 19:52 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-08 20:12 - 2013-04-10 21:09 - 00866586 _____ () C:\Windows\PFRO.log

2014-04-08 19:57 - 2014-04-08 19:52 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-04-08 19:57 - 2014-04-08 19:52 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-08 19:52 - 2014-04-08 19:52 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Google

2014-04-08 19:52 - 2013-04-10 21:26 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Deployment

2014-04-08 19:52 - 2013-04-10 21:26 - 00000000 ____D () C:\Program Files (x86)\Google

2014-04-08 19:19 - 2014-04-08 19:19 - 01426178 _____ () C:\Users\Cerebro\Desktop\adwcleaner.exe

2014-04-08 19:03 - 2014-04-08 19:03 - 00000000 ____D () C:\Users\Public\Foxit Software

2014-04-08 19:03 - 2014-04-08 19:01 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Foxit Software

2014-04-08 18:59 - 2014-02-16 12:14 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Tracker Software

2014-04-08 18:51 - 2014-04-08 18:51 - 14268955 _____ () C:\Users\Cerebro\Desktop\PDFX5SA_LE.zip

2014-04-07 21:12 - 2013-04-12 18:13 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Skype

2014-04-06 21:45 - 2013-04-12 19:49 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\vlc

2014-04-06 17:58 - 2014-03-01 14:46 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Battle.net

2014-04-06 11:11 - 2013-04-10 21:05 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2014-04-05 16:22 - 2013-06-04 19:59 - 00000000 ____D () C:\ProgramData\Steam

2014-04-05 16:19 - 2014-04-05 16:19 - 00001086 _____ () C:\Users\Public\Desktop\Southpark Stick of Truth.lnk

2014-04-05 16:18 - 2014-04-05 16:13 - 00000000 ____D () C:\Users\Cerebro\Desktop\Southpark Stick of Truth

2014-04-02 20:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-01 19:48 - 2013-04-10 21:18 - 00490050 _____ () C:\Windows\DirectX.log

2014-04-01 19:02 - 2013-10-12 18:08 - 00000000 ____D () C:\Users\Cerebro\Merci

2014-03-27 23:55 - 2014-03-27 23:55 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\DropboxMaster

2014-03-27 23:55 - 2013-04-18 17:27 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-03-25 01:13 - 2014-03-24 20:33 - 00000000 ____D () C:\Users\Cerebro\Desktop\avi

2014-03-24 21:35 - 2014-03-24 21:31 - 00000000 ____D () C:\Users\Cerebro\Desktop\sao

2014-03-24 20:31 - 2014-03-24 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk

2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake

2014-03-24 20:31 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Freemake

2014-03-24 20:20 - 2014-03-24 20:20 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\AnyMP4 Studio

2014-03-24 18:01 - 2013-09-08 18:27 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\PMB Files

2014-03-21 21:20 - 2014-01-13 18:35 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\DisplayFusion

2014-03-21 19:32 - 2014-03-21 19:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-03-21 19:32 - 2013-04-10 21:19 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-03-21 19:31 - 2013-04-10 21:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-03-18 18:52 - 2013-07-20 17:29 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 18:51 - 2013-04-11 22:40 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-16 20:25 - 2014-03-16 20:25 - 00001277 _____ () C:\Users\Cerebro\AppData\Local\recently-used.xbel

2014-03-16 20:25 - 2013-05-26 18:23 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\gtk-2.0

2014-03-16 20:25 - 2013-05-26 18:16 - 00000000 ____D () C:\Users\Cerebro\AppData\Roaming\HexChat

2014-03-16 19:12 - 2013-05-29 20:58 - 00000061 _____ () C:\Users\Cerebro\Desktop\Verliehen.txt

2014-03-15 01:08 - 2014-03-15 01:08 - 00000000 ____D () C:\Users\Cerebro\AppData\Local\Skype

2014-03-15 01:08 - 2013-04-12 18:13 - 00000000 ____D () C:\ProgramData\Skype

2014-03-14 18:25 - 2009-07-14 06:45 - 00357400 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-13 23:14 - 2013-05-12 12:36 - 00000039 _____ () C:\Windows\vbaddin.ini

2014-03-13 23:14 - 2013-04-10 21:40 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-11 21:25 - 2013-04-12 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-11 21:25 - 2013-04-12 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-11 21:25 - 2013-04-12 18:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:

====================

C:\Users\Cerebro\Minecraft.exe

Some content of TEMP:

====================

C:\Users\Cerebro\AppData\Local\Temp\AskSLib.dll

C:\Users\Cerebro\AppData\Local\Temp\AutoRun.exe

C:\Users\Cerebro\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Cerebro\AppData\Local\Temp\avgnt.exe

C:\Users\Cerebro\AppData\Local\Temp\CH.dll

C:\Users\Cerebro\AppData\Local\Temp\CmdLineExt02.dll

C:\Users\Cerebro\AppData\Local\Temp\DeltaTB.exe

C:\Users\Cerebro\AppData\Local\Temp\drm_dyndata_7290008.dll

C:\Users\Cerebro\AppData\Local\Temp\drm_dyndata_7370014.dll

C:\Users\Cerebro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplgnwdt.dll

C:\Users\Cerebro\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Cerebro\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.14.exe

C:\Users\Cerebro\AppData\Local\Temp\IminentSetup.exe

C:\Users\Cerebro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Cerebro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Cerebro\AppData\Local\Temp\LF2_v20a_Setup.exe

C:\Users\Cerebro\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Cerebro\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Cerebro\AppData\Local\Temp\nvStInst.exe

C:\Users\Cerebro\AppData\Local\Temp\ose00000.exe

C:\Users\Cerebro\AppData\Local\Temp\Quarantine.exe

C:\Users\Cerebro\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Cerebro\AppData\Local\Temp\sfextra.dll

C:\Users\Cerebro\AppData\Local\Temp\SIntf16.dll

C:\Users\Cerebro\AppData\Local\Temp\SIntf32.dll

C:\Users\Cerebro\AppData\Local\Temp\SIntfNT.dll

C:\Users\Cerebro\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Cerebro\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Cerebro\AppData\Local\Temp\war3_Install.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-31 21:44

==================== End Of Log ============================

Hoffe diese Infos sind schon aussage kräft.

Vielen Dank!

schrauber · April 9, 2014

Hi und Herzlich Willkommen beim Emsisoft Support Forum!

Das Log sieht erstmal gut aus, bestehen die Probleme noch seit der Anwendung von AdwCleaner?

Cerebro · April 9, 2014

Ehrlich gesagt nein, aber im AdwCleaner wird unter Chrome folgendes angezeigt:

C:\Users\Cerebro\AppData\Local\Google\Chrome\User Data\Default\preferences

Dadurch dachte ich, dass sich die Infektion fest gefressen hat oder etwas übrig geblieben ist.

schrauber · April 10, 2014

Nein das ist nur eine Auflistung wo bei Chrome die Einstellungen gelistet sind, wenn müsste unter dieser Zeile noch was stehen, das wären dann adware-relevante Einträge

Cerebro · April 10, 2014

Alles klar! Vielen Dank! Super Forum!

Kann dann geschlossen werden.

schrauber · April 10, 2014

Gern Geschehen

schrauber · June 19, 2014

Dieses Thema scheint erledigt und wird geschlossen.

Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Sign In

Feed Helpbar Infektion

Recommended Posts

Cerebro 0

Share this post

Link to post

Share on other sites

schrauber 30

Share this post

Link to post

Share on other sites

Cerebro 0

Share this post

Link to post

Share on other sites

schrauber 30

Share this post

Link to post

Share on other sites

Cerebro 0

Share this post

Link to post

Share on other sites

schrauber 30

Share this post

Link to post

Share on other sites

schrauber 30

Share this post

Link to post

Share on other sites

Recently Browsing 0 members

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

Browse

Activity