
laptop playing up after removal of malware (Win 7)


This topic is locked
9 replies to this topic

#1 Bambi86

  • Members
  • 5 posts

Posted 27 October 2015 - 03:38 PM

Hi,

I'm new here, so sorry if this topic is already logged somewhere.

I downloaded a programme last week (I know - STUPID ME!!!!!) and with it came various other unwanted programmes - which I have removed by now as far as I can tell. I ran rkill, AdwCleaner and Malwarebytes and removed lots and lots of infected files. When I run these programmes now they come up clear. But my laptop is still playing up:

- Microsoft Security Essentials doesn't automatically start, it only starts when I restart my laptop

- windows flicker and show "Not Responding" quite a lot - always only for less than a second though

- laptop seems to be slower than before.

I've read in another thread that the Farbar Service Scanner should help, so I ran it. The outcome is below. Unfortunately that doesn't tell me ANYTHING, so I really hope you guys can help me.

Thanks a lot in advance.

-----------------

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
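Reading an FSS report like the one above comes down to picking out four kinds of line (a service reported as not running, a start type that differs from the stated default, a policy value under a registry key, and a file that is not digitally signed); the parser below is an added example written for this thread, not code from the original post or from Farbar's tools, and it runs on a constructed sample log of the same shape, where the unsigned svchost.exe line is invented so that branch is exercised.

```python
"""Triage a Farbar Service Scanner (FSS) log: collect the lines a helper
scans for by eye and render them as a short checklist."""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as a real FSS report. The unsigned
# svchost.exe line is invented here so the unsigned-file branch is exercised.
SAMPLE_LOG = r"""Localhost is accessible.
LAN connected.

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is not digitally signed
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
SECTION = re.compile(r"^([A-Za-z ]+):$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_CHECK = re.compile(r"^(.+?) => File is (not )?digitally signed$")

# Service names FSS reports, and what stops working when they are down.
KNOWN_SERVICES = {
    "wscsvc": "Security Center (Action Center warnings)",
    "wuauserv": "Windows Update",
    "WinDefend": "Windows Defender",
    "MpsSvc": "Windows Firewall",
    "BFE": "Base Filtering Engine (the firewall depends on it)",
}


@dataclass
class Findings:
    stopped_services: list = field(default_factory=list)
    start_type_changes: list = field(default_factory=list)  # (svc, current, default)
    policy_values: list = field(default_factory=list)       # (section, key, name, data)
    unsigned_files: list = field(default_factory=list)


def parse_fss(text):
    """Walk an FSS log line by line and collect the findings worth acting on."""
    found = Findings()
    section = None   # heading such as "Windows Defender Disabled Policy"
    reg_key = None   # most recent "[HKEY_...]" line inside that section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:   # blank line or "=====" underline
            continue
        if m := NOT_RUNNING.match(line):
            found.stopped_services.append(m.group(1))
        elif m := START_TYPE.match(line):
            svc, current, default = m.groups()
            if current != default:
                found.start_type_changes.append((svc, current, default))
        elif m := SECTION.match(line):
            section, reg_key = m.group(1), None
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)
        elif (m := REG_VALUE.match(line)) and reg_key:
            found.policy_values.append((section, reg_key, m.group(1), m.group(3)))
        elif (m := FILE_CHECK.match(line)) and m.group(2):
            found.unsigned_files.append(m.group(1))
    return found


def report(found):
    """One line per finding, most significant kind first."""
    lines = [f"unsigned system file: {p}" for p in found.unsigned_files]
    lines += [f"policy set: {sec}: {key}\\{name} = {data}"
              for sec, key, name, data in found.policy_values]
    lines += [f"start type changed: {svc} is {cur}, default is {default}"
              for svc, cur, default in found.start_type_changes]
    lines += [f"stopped: {svc} ({KNOWN_SERVICES.get(svc, 'unknown service')})"
              for svc in found.stopped_services]
    return lines


if __name__ == "__main__":
    for entry in report(parse_fss(SAMPLE_LOG)):
        print(entry)
```

Treat the output as a checklist for the helper, not a verdict: a Windows 7 machine running Microsoft Security Essentials normally has Windows Defender disabled, because MSE replaces it, so the WinDefend findings on their own are not evidence of tampering.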




#2 nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 October 2015 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is the tool you should run.
Please post both logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


Wait for further instructions.

#3 Bambi86 (Topic Starter)

  • Members
  • 5 posts

Posted 31 October 2015 - 11:44 AM

Hi, thanks for your reply and your help! Below is the FRST log.

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
durchgeführt von Bambi (Administrator) auf HELLA (31-10-2015 16:38:46)
Gestartet von C:\Users\Bambi\Downloads
Geladene Profile: UpdatusUser & Bambi (Verfügbare Profile: UpdatusUser & Bambi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Dropbox, Inc.) C:\Users\Bambi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2012-01-05] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-17] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Run: [Dropbox Update] => C:\Users\Bambi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1917832 2015-06-04] (TomTom)
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bambi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\Users\Bambi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Bambi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{22854491-398A-4E62-9132-FC3EB1728348}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-02-02] (Sun Microsystems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Bambi\AppData\Roaming\Mozilla\Firefox\Profiles\epmrc6g5.default-1362331096981
FF Homepage: hxxps://www.google.co.uk/webhp?ie=utf-8&oe=utf-8&gws_rd=cr&ei=p3orVo2SJYGrU5aHnpAO
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2014-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2014-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Bambi\AppData\Roaming\Mozilla\Firefox\Profiles\gun0qamq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-02] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Bambi\AppData\Roaming\Mozilla\Firefox\Profiles\epmrc6g5.default-1362331096981\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-02] [ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\Bambi\AppData\Local\Google\Chrome\User Data\default

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [Datei ist nicht signiert]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-06-17] (Ellora Assets Corp.) [Datei ist nicht signiert]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 DaShenAudio_simple; C:\Windows\System32\drivers\DaShenAudio.sys [38224 2014-11-03] (DaShen Development Team)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 mrkndbhr; \??\C:\windows\system32\drivers\mrkndbhr.sys [X]
S1 tnjetfgf; \??\C:\windows\system32\drivers\tnjetfgf.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-31 16:38 - 2015-10-31 16:39 - 00016533 _____ C:\Users\Bambi\Downloads\FRST.txt
2015-10-31 16:38 - 2015-10-31 16:38 - 00000000 ____D C:\FRST
2015-10-31 16:37 - 2015-10-31 16:37 - 02198016 _____ (Farbar) C:\Users\Bambi\Downloads\FRST64.exe
2015-10-31 14:26 - 2015-10-31 14:26 - 04009167 _____ C:\Users\Bambi\Downloads\ServicesRepair.exe
2015-10-31 14:26 - 2015-10-31 14:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2015-10-31 14:14 - 2015-10-31 14:14 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-31 14:13 - 2015-10-31 14:13 - 20656848 _____ (Tweaking.com) C:\Users\Bambi\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-10-31 10:14 - 2015-10-31 10:14 - 53770968 _____ (Microsoft Corporation) C:\Users\Bambi\Downloads\Windows-KB890830-x64-V5.29(1).exe
2015-10-30 17:56 - 2015-10-31 14:35 - 00000336 _____ C:\windows\setupact.log
2015-10-30 17:56 - 2015-10-30 17:56 - 00000000 _____ C:\windows\setuperr.log
2015-10-28 21:37 - 2015-10-28 21:37 - 00007586 _____ C:\Users\Bambi\Downloads\WinDefend.reg
2015-10-28 21:30 - 2015-10-28 21:30 - 53770968 _____ (Microsoft Corporation) C:\Users\Bambi\Downloads\Windows-KB890830-x64-V5.29.exe
2015-10-28 20:54 - 2015-10-28 20:54 - 06762072 _____ (Piriform Ltd) C:\Users\Bambi\Downloads\ccsetup511.exe
2015-10-27 20:10 - 2015-10-31 14:39 - 00003134 _____ C:\Users\Bambi\Downloads\FSS.txt
2015-10-27 20:09 - 2015-10-27 20:09 - 00899072 _____ (Farbar) C:\Users\Bambi\Downloads\FSS.exe
2015-10-26 19:47 - 2015-10-26 19:47 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-25 20:18 - 2015-10-25 20:18 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-25 20:18 - 2015-10-25 20:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-25 17:35 - 2015-10-25 17:35 - 00011109 _____ C:\Users\Bambi\Desktop\favourites.xlsx
2015-10-24 16:02 - 2015-10-24 16:02 - 22908888 _____ (Malwarebytes ) C:\Users\Bambi\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-24 09:51 - 2015-10-24 09:51 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Bambi\Downloads\rkill64-32313.exe
2015-10-22 21:31 - 2015-10-22 21:31 - 01691648 _____ C:\Users\Bambi\Downloads\adwcleaner_5.014.exe
2015-10-22 21:14 - 2015-10-22 21:14 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Bambi\Downloads\rkill64.exe
2015-10-22 21:13 - 2015-10-31 14:35 - 00001022 _____ C:\windows\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1.job
2015-10-22 21:13 - 2015-10-22 21:14 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Bambi\Downloads\rkill.exe
2015-10-22 21:13 - 2015-10-22 21:13 - 00004042 _____ C:\windows\System32\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1
2015-10-22 20:59 - 2015-10-22 20:59 - 00000869 _____ C:\windows\SysWOW64\${LOGFILE}
2015-10-22 20:37 - 2015-10-22 21:40 - 00001421 _____ C:\Users\Bambi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-22 20:19 - 2015-10-31 14:35 - 00001006 _____ C:\windows\Tasks\CUrG7rWPFoFuiVxSu.job
2015-10-22 20:19 - 2015-10-22 20:19 - 00004026 _____ C:\windows\System32\Tasks\CUrG7rWPFoFuiVxSu
2015-10-22 20:17 - 2015-10-22 20:17 - 00000000 ____D C:\Users\Bambi\AppData\Local\CrashRpt
2015-10-22 20:03 - 2015-10-22 20:03 - 00000034 _____ C:\windows\cdplayer.ini
2015-10-22 19:44 - 2015-10-22 19:44 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-10-22 19:44 - 2015-10-22 19:44 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-10-22 19:33 - 2015-10-31 14:35 - 00001026 _____ C:\windows\Tasks\Pns2piOadupVi8VCpctKU9rHkdn.job
2015-10-22 19:33 - 2015-10-22 19:33 - 00004046 _____ C:\windows\System32\Tasks\Pns2piOadupVi8VCpctKU9rHkdn
2015-10-22 19:31 - 2015-10-31 15:49 - 00001022 _____ C:\windows\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP.job
2015-10-22 19:31 - 2015-10-22 19:31 - 00004042 _____ C:\windows\System32\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP
2015-10-22 19:30 - 2015-10-22 21:10 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-22 19:05 - 2015-10-22 19:06 - 01461024 _____ C:\Users\Bambi\Downloads\Audiograbber - CHIP-Installer.exe
2015-10-22 18:57 - 2009-06-10 21:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-10-17 11:42 - 2015-10-17 11:42 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 20:02 - 2015-10-25 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 19:47 - 2015-09-18 19:22 - 00025432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-16 19:47 - 2015-09-18 19:19 - 01291264 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-16 19:47 - 2015-09-18 19:19 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-16 19:47 - 2015-09-18 19:19 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-16 19:47 - 2015-09-18 19:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-16 19:47 - 2015-09-18 19:19 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-16 19:47 - 2015-09-18 19:09 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-13 19:57 - 2015-09-18 19:31 - 00391784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-13 19:57 - 2015-09-18 18:58 - 00345688 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-10-13 19:57 - 2015-09-16 04:48 - 25851904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-13 19:57 - 2015-09-16 04:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-10-13 19:57 - 2015-09-16 04:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-10-13 19:57 - 2015-09-16 04:22 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-10-13 19:57 - 2015-09-16 04:21 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-13 19:57 - 2015-09-16 04:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-13 19:57 - 2015-09-16 04:21 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-10-13 19:57 - 2015-09-16 04:21 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-10-13 19:57 - 2015-09-16 04:21 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-10-13 19:57 - 2015-09-16 04:14 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-10-13 19:57 - 2015-09-16 04:13 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-10-13 19:57 - 2015-09-16 04:10 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-13 19:57 - 2015-09-16 04:09 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-13 19:57 - 2015-09-16 04:08 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-13 19:57 - 2015-09-16 04:08 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-10-13 19:57 - 2015-09-16 04:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-10-13 19:57 - 2015-09-16 04:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-10-13 19:57 - 2015-09-16 04:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-10-13 19:57 - 2015-09-16 03:58 - 20357632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-13 19:57 - 2015-09-16 03:58 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-13 19:57 - 2015-09-16 03:50 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 19:57 - 2015-09-16 03:46 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-10-13 19:57 - 2015-09-16 03:45 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-10-13 19:57 - 2015-09-16 03:45 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-13 19:57 - 2015-09-16 03:43 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-13 19:57 - 2015-09-16 03:41 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-10-13 19:57 - 2015-09-16 03:33 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-13 19:57 - 2015-09-16 03:33 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-10-13 19:57 - 2015-09-16 03:32 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-10-13 19:57 - 2015-09-16 03:32 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-10-13 19:57 - 2015-09-16 03:31 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-10-13 19:57 - 2015-09-16 03:31 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-10-13 19:57 - 2015-09-16 03:29 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-13 19:57 - 2015-09-16 03:29 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-10-13 19:57 - 2015-09-16 03:28 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-13 19:57 - 2015-09-16 03:28 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-10-13 19:57 - 2015-09-16 03:26 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-13 19:57 - 2015-09-16 03:26 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-10-13 19:57 - 2015-09-16 03:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-10-13 19:57 - 2015-09-16 03:24 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-13 19:57 - 2015-09-16 03:23 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-10-13 19:57 - 2015-09-16 03:22 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-13 19:57 - 2015-09-16 03:22 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-13 19:57 - 2015-09-16 03:22 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-10-13 19:57 - 2015-09-16 03:15 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-13 19:57 - 2015-09-16 03:11 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-13 19:57 - 2015-09-16 03:10 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 19:57 - 2015-09-16 03:07 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-10-13 19:57 - 2015-09-16 03:06 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-13 19:57 - 2015-09-16 03:05 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-13 19:57 - 2015-09-16 03:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-13 19:57 - 2015-09-16 03:04 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-10-13 19:57 - 2015-09-16 02:59 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-13 19:57 - 2015-09-16 02:58 - 12853760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-13 19:57 - 2015-09-16 02:58 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-10-13 19:57 - 2015-09-16 02:56 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-13 19:57 - 2015-09-16 02:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-13 19:57 - 2015-09-16 02:55 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-10-13 19:57 - 2015-09-16 02:48 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-10-13 19:57 - 2015-09-16 02:37 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-13 19:57 - 2015-09-16 02:34 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-13 19:57 - 2015-09-16 02:32 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-10-13 19:57 - 2015-08-06 18:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-13 19:57 - 2015-08-06 18:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-10-13 19:57 - 2015-08-06 17:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-13 19:57 - 2015-08-06 17:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-10-13 19:52 - 2015-09-29 03:16 - 05569472 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-13 19:52 - 2015-09-29 03:10 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-10-13 19:52 - 2015-09-29 03:05 - 03990976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-10-13 19:52 - 2015-09-29 03:05 - 03936192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-10-13 19:52 - 2015-09-25 18:07 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-13 19:52 - 2015-09-25 18:07 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-13 19:52 - 2015-09-25 18:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-10-13 19:52 - 2015-09-25 18:07 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-10-13 19:52 - 2015-09-25 18:07 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-10-13 19:52 - 2015-09-25 18:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-10-13 19:52 - 2015-09-25 18:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-10-13 19:52 - 2015-09-25 18:06 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-13 19:52 - 2015-09-25 18:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-10-13 19:52 - 2015-09-25 18:06 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-10-13 19:52 - 2015-09-25 18:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-10-13 19:52 - 2015-09-25 17:59 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-10-13 19:52 - 2015-09-25 17:59 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-10-13 19:52 - 2015-09-25 17:59 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-10-13 19:52 - 2015-09-25 17:59 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-10-13 19:52 - 2015-09-25 17:58 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-10-13 19:51 - 2015-10-01 18:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-13 19:51 - 2015-10-01 18:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-10-13 19:51 - 2015-10-01 18:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-10-13 19:51 - 2015-10-01 18:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-10-13 19:51 - 2015-10-01 18:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-10-13 19:51 - 2015-10-01 18:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-10-13 19:51 - 2015-10-01 18:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-10-13 19:51 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-10-13 19:51 - 2015-10-01 17:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-10-13 19:51 - 2015-09-29 03:13 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-10-13 19:51 - 2015-09-29 03:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-10-13 19:51 - 2015-09-29 03:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-10-13 19:51 - 2015-09-29 03:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-10-13 19:51 - 2015-09-29 03:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-10-13 19:51 - 2015-09-29 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-10-13 19:51 - 2015-09-29 03:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-10-13 19:51 - 2015-09-29 03:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-10-13 19:51 - 2015-09-29 03:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-10-13 19:51 - 2015-09-29 03:02 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:59 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-10-13 19:51 - 2015-09-29 02:59 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-10-13 19:51 - 2015-09-29 02:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-10-13 19:51 - 2015-09-29 02:59 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-10-13 19:51 - 2015-09-29 02:59 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-10-13 19:51 - 2015-09-29 02:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-10-13 19:51 - 2015-09-29 02:58 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-10-13 19:51 - 2015-09-29 02:58 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-10-13 19:51 - 2015-09-29 02:58 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-10-13 19:51 - 2015-09-29 02:58 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-10-13 19:51 - 2015-09-29 02:57 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-10-13 19:51 - 2015-09-29 02:57 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-10-13 19:51 - 2015-09-29 02:57 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-10-13 19:51 - 2015-09-29 02:57 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-10-13 19:51 - 2015-09-29 02:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-10-13 19:51 - 2015-09-29 02:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 01:50 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-10-13 19:51 - 2015-09-29 01:49 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-10-13 19:51 - 2015-09-29 01:49 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-10-13 19:51 - 2015-09-29 01:43 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-10-13 19:51 - 2015-09-29 01:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-10-13 19:51 - 2015-09-29 01:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 01:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 01:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 19:51 - 2015-09-29 01:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 19:51 - 2015-09-15 18:17 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-10-13 19:51 - 2015-09-15 18:17 - 00097112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-10-13 19:51 - 2015-09-15 18:11 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-10-13 19:51 - 2015-09-15 18:11 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-10-13 19:51 - 2015-09-15 18:11 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-10-13 19:51 - 2015-09-15 18:11 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-10-13 19:51 - 2015-09-15 18:11 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-10-13 19:51 - 2015-09-15 18:11 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-10-13 19:51 - 2015-09-15 18:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-10-13 19:51 - 2015-09-15 17:36 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-10-13 19:51 - 2015-09-15 17:36 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-10-13 19:51 - 2015-09-15 17:36 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-10-13 19:51 - 2015-09-15 17:35 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 19:51 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 08:17 - 2015-10-13 08:18 - 00000000 ___HD C:\$Windows.~BT
2015-10-08 13:59 - 2015-10-08 13:59 - 00186880 _____ (TODO: <Company name>) C:\windows\system32\rsrcs.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-31 16:36 - 2012-04-24 01:46 - 01394913 _____ C:\windows\WindowsUpdate.log
2015-10-31 16:26 - 2015-06-20 11:15 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3178140741-1008856957-888535845-1002UA.job
2015-10-31 14:59 - 2012-09-29 14:08 - 00000000 ____D C:\Users\Bambi\BANK
2015-10-31 14:45 - 2009-07-14 04:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-31 14:45 - 2009-07-14 04:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-31 14:37 - 2013-04-12 14:36 - 00000000 ___RD C:\Users\Bambi\Dropbox
2015-10-31 14:37 - 2013-04-12 14:34 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\Dropbox
2015-10-31 14:35 - 2012-09-30 10:41 - 00000000 ____D C:\Users\Bambi\.rainlendar2
2015-10-31 14:35 - 2012-04-23 09:51 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-10-31 14:35 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-31 11:11 - 2012-04-23 09:51 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-10-30 18:01 - 2014-05-08 18:50 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{0BB674F7-B1D3-48E4-ABE6-1D6B05DBFFD7}
2015-10-30 17:26 - 2015-06-20 11:15 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3178140741-1008856957-888535845-1002Core.job
2015-10-28 21:26 - 2013-12-31 13:05 - 00002040 _____ C:\Users\Bambi\Desktop\Rkill.txt
2015-10-28 21:18 - 2013-01-02 18:37 - 00000000 ____D C:\Users\Bambi\AppData\Local\CrashDumps
2015-10-28 21:18 - 2011-02-11 19:57 - 00000000 ____D C:\windows\Panther
2015-10-28 20:46 - 2009-07-14 05:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-10-26 20:00 - 2013-12-31 13:11 - 00000000 ____D C:\AdwCleaner
2015-10-26 19:47 - 2015-03-15 12:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-26 19:46 - 2012-04-24 00:59 - 00704596 _____ C:\windows\system32\perfh007.dat
2015-10-26 19:46 - 2012-04-24 00:59 - 00154254 _____ C:\windows\system32\perfc007.dat
2015-10-26 19:46 - 2009-07-14 05:13 - 01622300 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-25 20:18 - 2012-08-27 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-25 19:31 - 2012-08-28 17:48 - 00000000 ____D C:\windows\System32\Tasks\Games
2015-10-24 16:03 - 2013-03-03 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-24 11:52 - 2013-01-27 16:47 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\PrimoPDF
2015-10-22 21:20 - 2012-08-27 15:25 - 00001421 _____ C:\Users\Bambi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-10-21 20:04 - 2012-08-27 15:31 - 01585784 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-10-18 17:02 - 2012-09-29 14:20 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\vlc
2015-10-17 11:36 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\NDF
2015-10-16 19:58 - 2015-08-31 18:42 - 00000000 ____D C:\Users\Bambi\Desktop\mumdad hawaii
2015-10-16 19:49 - 2014-12-14 09:16 - 00000000 ____D C:\windows\system32\appraiser
2015-10-16 19:49 - 2014-05-07 05:20 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-15 08:35 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
2015-10-13 21:14 - 2013-08-02 13:34 - 00000000 ____D C:\windows\system32\MRT
2015-10-13 21:11 - 2012-09-02 14:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-11 16:31 - 2015-04-07 20:38 - 00000000 ___SD C:\windows\system32\GWX
2015-10-11 16:29 - 2015-04-07 20:38 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-10-11 16:23 - 2013-10-02 20:36 - 00000000 ____D C:\Users\Bambi\Desktop\MISC
2015-10-02 12:09 - 2012-11-10 11:45 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-04-14 16:28 - 2015-04-14 16:28 - 0001171 _____ () C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1
2015-04-14 16:28 - 2015-04-14 16:28 - 0001171 _____ () C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu
2015-04-14 16:28 - 2015-04-14 16:28 - 0001171 _____ () C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn
2015-04-14 16:28 - 2015-04-14 16:28 - 0001171 _____ () C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP
2012-04-23 11:26 - 2012-04-23 11:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-23 11:20 - 2012-04-23 11:21 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-04-23 11:24 - 2012-04-23 11:24 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-23 11:21 - 2012-04-23 11:23 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-04-23 11:24 - 2012-04-23 11:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Einige Dateien in TEMP:
====================
C:\Users\Bambi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcjj6x.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-31 12:35

==================== Ende von FRST.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:53 PM

Posted 31 October 2015 - 01:25 PM

Remove these programs in bold using the Add/Remove Programs applet.

Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ACHTUNG

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-17] ()
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 mrkndbhr; \??\C:\windows\system32\drivers\mrkndbhr.sys [X]
S1 tnjetfgf; \??\C:\windows\system32\drivers\tnjetfgf.sys [X]
Task: {59ECEEA0-DD53-4FD8-9084-132C268A12ED} - System32\Tasks\Pns2piOadupVi8VCpctKU9rHkdn => C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe <==== ACHTUNG
Task: {673DDA19-A199-4349-9E2F-58A81713FBFF} - System32\Tasks\CUrG7rWPFoFuiVxSu => C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe <==== ACHTUNG
Task: {904C97E4-55BC-4F5C-AB07-548AAD6B0234} - System32\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1 => C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe <==== ACHTUNG
Task: {A906880E-1597-4A71-AB41-677D0FFE477C} - \gze3012 -> Keine Datei <==== ACHTUNG
Task: {D6370292-AD4C-43EA-87C8-EA7D6002223E} - System32\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP => C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe <==== ACHTUNG
Task: C:\windows\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1.job => C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe <==== ACHTUNG
Task: C:\windows\Tasks\CUrG7rWPFoFuiVxSu.job => C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe <==== ACHTUNG
Task: C:\windows\Tasks\Pns2piOadupVi8VCpctKU9rHkdn.job => C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe <==== ACHTUNG
Task: C:\windows\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP.job => C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe <==== ACHTUNG
C:\Users\Bambi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcjj6x.dll
C:\Program Files (x86)\Common Files\Freemake Shared
C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe
C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe
C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe
C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Restart the computer normally to reset the registry.

How is the computer running now?
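The script below is an added example, not code from FRST or from nasdaq's post: a read-only PowerShell audit of the persistence locations the fixlist above targets (Task Scheduler entries and the Run keys), flagging any entry whose executable lives under AppData\Roaming or no longer exists on disk, which is exactly what FRST marked "<==== ACHTUNG". It assumes Windows 7 with PowerShell 2.0 (hence the Schedule.Service COM API rather than Get-ScheduledTask); the function names and reason strings are mine.

```powershell
# Added example (not FRST's or nasdaq's code): read-only audit of the persistence
# locations the fixlist targets: Task Scheduler entries and the Run keys. Assumes
# Windows 7 / PowerShell 2.0, hence the Schedule.Service COM API, not Get-ScheduledTask.

function Get-ExecutablePath {
    param([string]$CommandLine)
    # Take the executable from a command line, honouring a quoted first token
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) { return $cmd.Split('"')[1] }
    return ($cmd -split '\s+')[0]
}

function Test-SuspiciousTarget {
    param([string]$CommandLine)
    # Returns a reason string, or $null when nothing looks wrong. The two patterns are
    # the ones FRST flagged above: an executable under AppData\Roaming, or one that is gone.
    $exe = Get-ExecutablePath $CommandLine
    if ([string]::IsNullOrEmpty($exe)) { return $null }
    $reasons = @()
    if ($exe -match '\\AppData\\Roaming\\') { $reasons += 'runs from AppData\Roaming' }
    $expanded = [Environment]::ExpandEnvironmentVariables($exe)
    # A bare name (no directory) is resolved through PATH instead of the current directory
    $exists = if ($expanded -match '\\') { Test-Path -LiteralPath $expanded } else { [bool](Get-Command $expanded -ErrorAction SilentlyContinue) }
    if (-not $exists) { $reasons += 'target file missing' }
    if ($reasons.Count -eq 0) { return $null }
    return ($reasons -join '; ')
}

function New-Finding($Source, $Name, $Target, $Reason) { New-Object PSObject -Property @{ Source = $Source; Name = $Name; Target = $Target; Reason = $Reason } }

function Get-ScheduledTaskFindings {
    $svc = New-Object -ComObject 'Schedule.Service'
    $svc.Connect()
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue($svc.GetFolder('\'))
    while ($queue.Count -gt 0) {
        $folder = $queue.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $queue.Enqueue($sub) }
        foreach ($task in $folder.GetTasks(1)) {          # 1 = TASK_ENUM_HIDDEN
            foreach ($action in $task.Definition.Actions) {
                if ($action.Type -ne 0) { continue }       # 0 = TASK_ACTION_EXEC
                $why = Test-SuspiciousTarget $action.Path
                if ($why) { New-Finding 'ScheduledTask' $task.Path $action.Path $why }
            }
        }
    }
}

function Get-RunKeyFindings {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }       # skip PSPath, PSProvider, ...
            $why = Test-SuspiciousTarget ([string]$prop.Value)
            if ($why) { New-Finding 'RunKey' "$key\$($prop.Name)" $prop.Value $why }
        }
    }
}

@(Get-ScheduledTaskFindings) + @(Get-RunKeyFindings) | Format-Table Source, Reason, Name, Target -AutoSize
```

Run it from an elevated PowerShell prompt before and after the FRST fix: before, the four random-named tasks under AppData\Roaming and the missing "gze3012" target should appear; afterwards the table should be empty apart from anything you recognise.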

#5 Bambi86

Bambi86
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:53 AM

Posted 31 October 2015 - 01:45 PM

Here is the fixlog file:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von Bambi (2015-10-31 18:38:55) Run:1
Gestartet von C:\Users\Bambi\Downloads
Geladene Profile: UpdatusUser & Bambi (Verfügbare Profile: UpdatusUser & Bambi)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-17] ()
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 mrkndbhr; \??\C:\windows\system32\drivers\mrkndbhr.sys [X]
S1 tnjetfgf; \??\C:\windows\system32\drivers\tnjetfgf.sys [X]
Task: {59ECEEA0-DD53-4FD8-9084-132C268A12ED} - System32\Tasks\Pns2piOadupVi8VCpctKU9rHkdn => C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe <==== ACHTUNG
Task: {673DDA19-A199-4349-9E2F-58A81713FBFF} - System32\Tasks\CUrG7rWPFoFuiVxSu => C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe <==== ACHTUNG
Task: {904C97E4-55BC-4F5C-AB07-548AAD6B0234} - System32\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1 => C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe <==== ACHTUNG
Task: {A906880E-1597-4A71-AB41-677D0FFE477C} - \gze3012 -> Keine Datei <==== ACHTUNG
Task: {D6370292-AD4C-43EA-87C8-EA7D6002223E} - System32\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP => C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe <==== ACHTUNG
Task: C:\windows\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1.job => C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe <==== ACHTUNG
Task: C:\windows\Tasks\CUrG7rWPFoFuiVxSu.job => C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe <==== ACHTUNG
Task: C:\windows\Tasks\Pns2piOadupVi8VCpctKU9rHkdn.job => C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe <==== ACHTUNG
Task: C:\windows\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP.job => C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe <==== ACHTUNG
C:\Users\Bambi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcjj6x.dll
C:\Program Files (x86)\Common Files\Freemake Shared
C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe
C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe
C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe
C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe

End
*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozess erfolgreich geschlossen.
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe => Keine laufenden Prozesse gefunden
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater => Wert nicht gefunden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Schlüssel erfolgreich entfernt
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Schlüssel erfolgreich entfernt
MBAMSwissArmy => Dienst erfolgreich entfernt
mrkndbhr => Dienst erfolgreich entfernt
tnjetfgf => Dienst erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59ECEEA0-DD53-4FD8-9084-132C268A12ED}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59ECEEA0-DD53-4FD8-9084-132C268A12ED}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\Pns2piOadupVi8VCpctKU9rHkdn => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pns2piOadupVi8VCpctKU9rHkdn" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{673DDA19-A199-4349-9E2F-58A81713FBFF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{673DDA19-A199-4349-9E2F-58A81713FBFF}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\CUrG7rWPFoFuiVxSu => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CUrG7rWPFoFuiVxSu" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{904C97E4-55BC-4F5C-AB07-548AAD6B0234}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{904C97E4-55BC-4F5C-AB07-548AAD6B0234}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7HA6KjRqrEahlRXR4pDpNbHi1" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A906880E-1597-4A71-AB41-677D0FFE477C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A906880E-1597-4A71-AB41-677D0FFE477C}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gze3012 => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6370292-AD4C-43EA-87C8-EA7D6002223E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6370292-AD4C-43EA-87C8-EA7D6002223E}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSCxidxnOYS1Hfw6UmLY1ayQP" => Schlüssel erfolgreich entfernt
C:\windows\Tasks\7HA6KjRqrEahlRXR4pDpNbHi1.job => erfolgreich verschoben
C:\windows\Tasks\CUrG7rWPFoFuiVxSu.job => erfolgreich verschoben
C:\windows\Tasks\Pns2piOadupVi8VCpctKU9rHkdn.job => erfolgreich verschoben
C:\windows\Tasks\PSCxidxnOYS1Hfw6UmLY1ayQP.job => erfolgreich verschoben
C:\Users\Bambi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcjj6x.dll => erfolgreich verschoben
"C:\Program Files (x86)\Common Files\Freemake Shared" => nicht gefunden.
"C:\Users\Bambi\AppData\Roaming\Pns2piOadupVi8VCpctKU9rHkdn.exe" => nicht gefunden.
"C:\Users\Bambi\AppData\Roaming\CUrG7rWPFoFuiVxSu.exe" => nicht gefunden.
"C:\Users\Bambi\AppData\Roaming\7HA6KjRqrEahlRXR4pDpNbHi1.exe" => nicht gefunden.
"C:\Users\Bambi\AppData\Roaming\PSCxidxnOYS1Hfw6UmLY1ayQP.exe" => nicht gefunden.
EmptyTemp: => 410.9 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:39:31 ====


I'm running the adwcleaner now and will upload the log file.



#6 Bambi86

Bambi86
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:53 AM

Posted 31 October 2015 - 02:04 PM

And here is the AdwCleaner log:

# AdwCleaner v5.015 - Bericht erstellt am 31/10/2015 um 18:49:29
# Aktualisiert am 26/10/2015 von Xplode
# Datenbank : 2015-10-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Bambi - HELLA
# Gestartet von : C:\Users\Bambi\Downloads\adwcleaner_5.015.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Internetbrowser ] *****


*************************

:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [924 Bytes] ##########



#7 Bambi86

Bambi86
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:53 AM

Posted 31 October 2015 - 02:49 PM

Hey, so I played around a little bit. Browser windows still flicker every now and then (I think generally when I'm scrolling or typing, but that might be coincidence, as I guess 90% of the time you either scroll or type). I ran Farbar again and WinDefend is still not running. How do I get that started?

I checked in the services and Microsoft Antimalware Service is set to "Automatic".

Farbar log:

Farbar Service Scanner Version: 26-07-2015
Ran by Bambi (administrator) on 31-10-2015 at 19:41:52
Running from "C:\Users\Bambi\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
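The following is an added example, not part of the thread or of Farbar's tools: a read-only PowerShell reproduction of the two Windows Defender checks FSS reports above (WinDefend start type against its default of Auto, and the DisableAntiSpyware value, in both the product key FSS prints and the Group Policy key). One caveat the log itself does not state: on Windows 7, installing Microsoft Security Essentials turns Windows Defender off and sets DisableAntiSpyware=1 itself, so on a machine running MSE these two findings are expected rather than a sign of infection. Function names are mine.

```powershell
# Added example, not part of the thread or of Farbar's tools: reproduces the two
# Windows Defender checks FSS reports above (WinDefend start type against its default
# of Auto, and the DisableAntiSpyware value) without changing anything.
# Caveat, a known Windows 7 behaviour the log itself does not mention: installing
# Microsoft Security Essentials turns Windows Defender off and sets DisableAntiSpyware=1,
# so on a machine running MSE these findings are expected rather than a sign of infection.

$startTypeNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns the value as an int, or $null when the key or value does not exist
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$Name
}

function Get-DefenderState {
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $start = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend' 'Start'
    New-Object PSObject -Property @{
        ServiceStatus = $(if ($svc) { [string]$svc.Status } else { 'not installed' })
        StartType     = $(if ($start -ne $null) { $startTypeNames[$start] } else { 'unknown' })
        # The product key FSS prints, plus the Group Policy key that an admin policy would use
        DisableAntiSpyware       = Get-RegistryDword 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware'
        PolicyDisableAntiSpyware = Get-RegistryDword 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware'
    }
}

function Get-DefenderFindings {
    param($State = (Get-DefenderState))
    # Compare against the defaults FSS uses: service running, start type Auto, no disable flag
    $findings = @()
    if ($State.ServiceStatus -ne 'Running') { $findings += "WinDefend service is $($State.ServiceStatus)" }
    if ($State.StartType -ne 'Auto') { $findings += "WinDefend start type is $($State.StartType); default is Auto" }
    if ($State.DisableAntiSpyware -eq 1) { $findings += 'HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware = 1' }
    if ($State.PolicyDisableAntiSpyware -eq 1) { $findings += 'Group Policy DisableAntiSpyware = 1 (Policies key)' }
    return $findings
}

$findings = Get-DefenderFindings
if ($findings.Count -eq 0) { 'Windows Defender: service running, start type Auto, not disabled' }
else { $findings | ForEach-Object { "Finding: $_" } }
```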



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:53 PM

Posted 01 November 2015 - 08:15 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:53 PM

Posted 07 November 2015 - 09:35 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:53 PM

Posted 13 November 2015 - 10:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



