Log analysis and evaluation: Remnants of toolbars or similar found. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
01.08.2014, 16:56 | #1 |
| Remnants of toolbars or similar found I caught "RadioRage" a few days ago. I removed it, but there still seems to be something else on the machine. I have already used Malwarebytes and AdwCleaner and moved the corresponding files to quarantine. SystemLook: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 21:25 on 31/07/2014 by Jesse Administrator - Elevation successful ========== filefind ========== Searching for "*bprotector*" No files found. Searching for "*Iminent*" No files found. Searching for "*LyricsContainer*" No files found. Searching for "*Babylon*" No files found. Searching for "*BrowserDefender*" No files found. Searching for "*BabSolution*" No files found. Searching for "*RadioRage*" No files found. Searching for "*Conduit*" C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634067677527028750.png --a---- 1346 bytes [10:38 26/08/2013] [15:22 26/07/2012] 7C78444B802879E92DCE86DAF35C3824 C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084057716610000.png --a---- 793 bytes [10:38 26/08/2013] [15:22 26/07/2012] 9D873E96E36B03DBD52AB98853407AF6 C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059408641250.png --a---- 1059 bytes [10:38 26/08/2013] [15:22 26/07/2012] A227374511D48950EC48A6A15F4541BB C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059786610000.png --a---- 789 bytes [10:38 26/08/2013] [15:22 26/07/2012] 86D3043D6F316587C3720F2FBBCC6549 C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084060404266250.png --a---- 728 bytes [10:38 26/08/2013] [15:22 26/07/2012] A276D6E6345751686804933685E86F6E C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634262976368243750.png --a---- 969 bytes 
[10:38 26/08/2013] [15:22 26/07/2012] B033FEB6EADD5D827AD96FA0F0215B73 C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634265435748037500.png --a---- 1177 bytes [10:38 26/08/2013] [15:22 26/07/2012] 658B7FC9B84B15E731DDDD0E0AF2ABBD C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634382054836300000.png --a---- 679 bytes [10:38 26/08/2013] [15:22 26/07/2012] EB1B088EDD86F1B754A90947556A9115 C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_ct2269050_Images_634775124572492500.png --a---- 1392 bytes [10:38 26/08/2013] [15:22 26/07/2012] 2FE53D7A2CC73DEB8A0753B136AF88DC C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [10:38 26/08/2013] [15:22 26/07/2012] 01B83C91554738F6AFFB7895BBBA73FB C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [10:38 26/08/2013] [15:22 26/07/2012] 948781E4B6478290050ECA4423B89B1E C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png --a---- 1666 bytes [10:38 26/08/2013] [15:22 26/07/2012] 672D1DFF2B0796954BCFA8C6A395C163 C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634067677527028750.png --a---- 1346 bytes [17:19 21/08/2013] [15:22 26/07/2012] 7C78444B802879E92DCE86DAF35C3824 
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084057716610000.png --a---- 793 bytes [17:19 21/08/2013] [15:22 26/07/2012] 9D873E96E36B03DBD52AB98853407AF6 C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059408641250.png --a---- 1059 bytes [17:19 21/08/2013] [15:22 26/07/2012] A227374511D48950EC48A6A15F4541BB C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059786610000.png --a---- 789 bytes [17:19 21/08/2013] [15:22 26/07/2012] 86D3043D6F316587C3720F2FBBCC6549 C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084060404266250.png --a---- 728 bytes [17:19 21/08/2013] [15:22 26/07/2012] A276D6E6345751686804933685E86F6E C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634262976368243750.png --a---- 969 bytes [17:19 21/08/2013] [15:22 26/07/2012] B033FEB6EADD5D827AD96FA0F0215B73 C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634265435748037500.png --a---- 1177 bytes [17:19 21/08/2013] [15:22 26/07/2012] 658B7FC9B84B15E731DDDD0E0AF2ABBD C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634382054836300000.png --a---- 679 bytes [17:19 21/08/2013] [15:22 26/07/2012] EB1B088EDD86F1B754A90947556A9115 
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_ct2269050_Images_634775124572492500.png --a---- 1392 bytes [17:19 21/08/2013] [15:22 26/07/2012] 2FE53D7A2CC73DEB8A0753B136AF88DC C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [17:19 21/08/2013] [15:22 26/07/2012] 01B83C91554738F6AFFB7895BBBA73FB C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [17:19 21/08/2013] [15:22 26/07/2012] 948781E4B6478290050ECA4423B89B1E C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png --a---- 1666 bytes [17:19 21/08/2013] [15:22 26/07/2012] 672D1DFF2B0796954BCFA8C6A395C163 Searching for "*ilivid*" No files found. Searching for "*DataMngr*" C:\Users\Jesse\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [19:05 31/07/2014] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C ========== folderfind ========== Searching for "*bprotector*" No folders found. Searching for "*Iminent*" No folders found. Searching for "*LyricsContainer*" No folders found. Searching for "*Babylon*" No folders found. Searching for "*BrowserDefender*" No folders found. Searching for "*BabSolution*" No folders found. Searching for "*RadioRage*" No folders found. Searching for "*Conduit*" No folders found. Searching for "*ilivid*" No folders found. Searching for "*DataMngr*" No folders found. ========== regfind ========== Searching for "bprotector" No data found. 
Searching for "Iminent" [HKEY_CURRENT_USER\Software\BitTorrent\uTorrent] "OfferName"="Iminent" [HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\BitTorrent\uTorrent] "OfferName"="Iminent" Searching for "LyricsContainer" No data found. Searching for "Babylon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" Searching for "BrowserDefender" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] "DllName"="PCTBrowserDefender.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}] "DllName"="PCTBrowserDefender.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] "DllName"="PCTBrowserDefender.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}] "DllName"="PCTBrowserDefender.dll" Searching for "BabSolution" No data found. Searching for "RadioRage" No data found. 
Searching for "Conduit" No data found. Searching for "ilivid" [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup_C-r484-t-bf.exe] [HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid] [HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid] Searching for "DataMngr" No data found. -= EOF =- Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e15f42ec3840534f90f3e8b0fea09f50
# engine=19443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-31 10:26:32
# local_time=2014-08-01 12:26:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 13746 171266082 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6737979 11236481 0 0
# scanned=1041736
# found=2
# cleaned=0
# scan_time=9330
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="Variante von Win32/CNETInstaller.B evtl. unerwunschte Anwendung" ac=I fn="C:\Users\Jesse\AppData\Local\Temp\KMP_3.9.0.126.exe"
Code:
Results of screen317's Security Check version 0.99.85
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 43
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (29.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
01.08.2014, 17:09 | #2 |
/// the machine /// TB-Ausbilder | Remnants of toolbars or similar found Hi,
Update Java.

Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.

Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

and a new SystemLook search.
__________________ |
01.08.2014, 19:16 | #3 |
| Remnants of toolbars or similar found I'm already working on it, but do I really have to have everything removed for Firefox? I would like to keep my passwords; a reset should be enough.
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 Ran by Jesse (administrator) on BERSERK on 01-08-2014 20:10:19 Running from E:\Downloads Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (AppWork GmbH) C:\Users\Jesse\AppData\Local\JDownloader v2.0\JDownloader2.exe (Skillbrains) C:\Users\Jesse\AppData\Local\Skillbrains\lightshot\3.4.0.0\Lightshot.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Users\Jesse\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Jesse\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Jesse\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Jesse\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [F5D7050v3] => C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3351040 2013-04-23] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [D3DOverrider] => "C:\Users\Jesse\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [Steam] => "E:\Progamme\Steam.exe" -silent HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [F.lux] => C:\Users\Jesse\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC) HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [Google Update] => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-06] (Google Inc.) HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [uTorrent] => C:\Users\Jesse\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.) HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [5679200 2013-12-09] (Visicom Media Inc.) HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-12-24] (TrueCrypt Foundation) HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\Run: [LightShot] => C:\Users\Jesse\AppData\Local\Skillbrains\lightshot\LightShot.exe [226152 2013-02-21] () HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\MountPoints2: {38cc6e68-82b5-11e3-bee2-94de8069fb71} - "M:\LaunchU3.exe" -a HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\MountPoints2: {c0103d97-37fa-11e3-bea6-94de8069fb71} - "G:\setup.exe" HKU\S-1-5-21-1963634514-369274596-1414496168-1001\...\MountPoints2: {d5b70a1b-2ed0-11e3-bea2-94de8069fb71} - "F:\SETUP.EXE" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\コンテンツ管理アシスタント for PlayStation(R).lnk ShortcutTarget: コンテンツ管理アシスタント for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.) 
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE355BD1FEFDFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,ja;q=0.6,en-US;q=0.4,en;q=0.2
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\x476agx6.default-1406915729732
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jesse\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jesse\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jesse\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} [2014-04-29]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-07]
FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://facebook.com/"
CHR Extension: (Google Docs) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-06]
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-06]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-06]
CHR Extension: (Google-Suche) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-06]
CHR Extension: (AdBlock) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-01]
CHR Extension: (avast! Online Security) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-22]
CHR Extension: (Google Wallet) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-20] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [637440 2014-01-02] (FileZilla Project) [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-03-13] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-28] (DT Soft Ltd)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-01-15] (AnchorFree Inc.)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-02-18] (Intel Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-28] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
U3 ufdoqpoc; \??\C:\Users\Jesse\AppData\Local\Temp\ufdoqpoc.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 19:55 - 2014-08-01 19:55 - 00000000 ____D () C:\Users\Jesse\Desktop\Alte Firefox-Daten
2014-08-01 19:47 - 2014-08-01 19:53 - 00000000 ____D () C:\Users\Jesse\Desktop\add-ons
2014-08-01 19:45 - 2014-08-01 19:45 - 02620112 _____ (Skillbrains ) C:\Users\Jesse\Desktop\setup-lightshot3-2-0-0.exe
2014-08-01 19:45 - 2014-08-01 19:45 - 00003274 _____ () C:\Windows\System32\Tasks\update-sys
2014-08-01 19:45 - 2014-08-01 19:45 - 00000404 _____ () C:\Windows\Tasks\update-sys.job
2014-08-01 19:45 - 2014-08-01 19:45 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Skillbrains
2014-08-01 19:45 - 2014-08-01 19:45 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-08-01 18:37 - 2014-08-01 18:37 - 00030481 _____ () C:\Users\Jesse\Desktop\noscript einstellungen.txt
2014-08-01 18:35 - 2014-08-01 18:35 - 00591117 _____ () C:\Users\Jesse\Desktop\bookmarks.html
2014-08-01 18:34 - 2014-08-01 18:34 - 00293686 _____ () C:\Users\Jesse\Desktop\bookmarks-2014-08-01.json
2014-08-01 18:21 - 2014-08-01 18:21 - 00448512 _____ (OldTimer Tools) C:\Users\Jesse\Desktop\TFC.exe
2014-08-01 16:39 - 2014-08-01 16:26 - 00050477 _____ () C:\Users\Jesse\Desktop\Defogger.exe
2014-08-01 16:26 - 2014-08-01 16:26 - 00000198 _____ () C:\Users\Jesse\defogger_reenable
2014-07-31 21:47 - 2014-07-31 21:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 21:15 - 2014-07-31 21:15 - 00001135 _____ () C:\Users\Jesse\Desktop\JRT.txt
2014-07-31 21:11 - 2014-07-31 21:11 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 20:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-31 20:13 - 2014-07-31 20:35 - 00000000 ____D () C:\AdwCleaner
2014-07-31 19:53 - 2014-08-01 17:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-08-01 16:49 - 00094463 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 16:52 - 2014-08-01 14:50 - 00005120 _____ () C:\Windows\PFRO.log
2014-07-31 16:52 - 2014-07-31 16:53 - 00455560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 01:34 - 2014-07-31 01:34 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-31 01:34 - 2014-07-31 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-31 01:34 - 2014-07-31 01:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 01:34 - 2014-07-31 01:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-31 01:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 01:34 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-31 01:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 01:26 - 2014-08-01 20:10 - 00000000 ____D () C:\FRST
2014-07-30 18:02 - 2014-07-30 18:02 - 00001344 _____ () C:\Users\Jesse\Desktop\CCleaner64.exe - Verknüpfung.lnk
2014-07-29 23:16 - 2014-07-29 23:43 - 00000000 ____D () C:\Users\Jesse\Desktop\Pixiv Downloader
2014-07-28 18:32 - 2014-07-28 18:32 - 00001122 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-07-28 18:32 - 2014-01-15 00:47 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-07-26 17:48 - 2014-07-26 17:48 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Adobe
2014-07-25 15:40 - 2014-07-25 15:40 - 00001340 _____ () C:\Users\Jesse\Desktop\Freemake Video Converter.lnk
2014-07-23 21:40 - 2014-08-01 16:17 - 00000000 ____D () C:\The KMPlayer
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-07-23 20:02 - 2014-07-23 23:03 - 00001042 _____ () C:\Users\Jesse\AppData\Roaming\coreavc.ini
2014-07-23 19:50 - 2014-07-23 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2014-07-23 19:50 - 2014-07-23 19:50 - 00000000 ____D () C:\Program Files (x86)\AC3Filter
2014-07-23 19:50 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter64.acm
2014-07-23 19:44 - 2014-07-23 19:44 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoreCodec
2014-07-23 19:44 - 2014-07-23 19:44 - 00000000 ____D () C:\Program Files (x86)\CoreCodec
2014-07-16 01:07 - 2014-07-16 01:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-10 18:01 - 2014-07-10 18:01 - 00001174 _____ () C:\Users\Jesse\Desktop\SpeedAutoClicker.exe - Verknüpfung.lnk
2014-07-10 06:54 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 06:54 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 17:22 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:22 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:22 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 17:22 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 17:22 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 17:22 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:22 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 17:22 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:22 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 17:22 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:22 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 17:22 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 17:22 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 17:22 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 17:22 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 17:22 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 17:22 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 17:22 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 17:22 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 17:22 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:22 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 17:22 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 17:22 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 17:22 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 17:22 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:22 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:22 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 17:22 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 17:22 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 17:22 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 17:22 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:22 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 17:22 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 17:22 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 17:22 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 17:22 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 17:22 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 17:22 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 17:22 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 17:22 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 17:22 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:22 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 17:22 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:22 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-01 20:10 - 2014-07-31 01:26 - 00000000 ____D () C:\FRST
2014-08-01 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 19:55 - 2014-08-01 19:55 - 00000000 ____D () C:\Users\Jesse\Desktop\Alte Firefox-Daten
2014-08-01 19:53 - 2014-08-01 19:47 - 00000000 ____D () C:\Users\Jesse\Desktop\add-ons
2014-08-01 19:51 - 2013-08-26 13:56 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Skype
2014-08-01 19:45 - 2014-08-01 19:45 - 02620112 _____ (Skillbrains ) C:\Users\Jesse\Desktop\setup-lightshot3-2-0-0.exe
2014-08-01 19:45 - 2014-08-01 19:45 - 00003274 _____ () C:\Windows\System32\Tasks\update-sys
2014-08-01 19:45 - 2014-08-01 19:45 - 00000404 _____ () C:\Windows\Tasks\update-sys.job
2014-08-01 19:45 - 2014-08-01 19:45 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Skillbrains
2014-08-01 19:45 - 2014-08-01 19:45 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-08-01 19:45 - 2014-05-19 07:28 - 00003252 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-1963634514-369274596-1414496168-1001
2014-08-01 19:45 - 2014-05-19 07:28 - 00000923 _____ () C:\Users\Jesse\AppData\Local\UserProducts.xml
2014-08-01 19:45 - 2014-05-19 07:28 - 00000404 _____ () C:\Windows\Tasks\update-S-1-5-21-1963634514-369274596-1414496168-1001.job
2014-08-01 19:45 - 2014-05-19 07:28 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 19:38 - 2013-08-29 19:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 19:17 - 2013-10-06 02:33 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1963634514-369274596-1414496168-1001UA.job
2014-08-01 18:59 - 2013-08-29 18:43 - 00000000 ____D () C:\Users\Jesse\AppData\Local\JDownloader v2.0
2014-08-01 18:37 - 2014-08-01 18:37 - 00030481 _____ () C:\Users\Jesse\Desktop\noscript einstellungen.txt
2014-08-01 18:35 - 2014-08-01 18:35 - 00591117 _____ () C:\Users\Jesse\Desktop\bookmarks.html
2014-08-01 18:34 - 2014-08-01 18:34 - 00293686 _____ () C:\Users\Jesse\Desktop\bookmarks-2014-08-01.json
2014-08-01 18:21 - 2014-08-01 18:21 - 00448512 _____ (OldTimer Tools) C:\Users\Jesse\Desktop\TFC.exe
2014-08-01 18:07 - 2013-08-26 14:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1963634514-369274596-1414496168-1001
2014-08-01 17:23 - 2014-07-31 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 16:50 - 2014-01-02 04:38 - 00005114 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Berserk-Jesse Berserk
2014-08-01 16:49 - 2014-07-31 16:53 - 00094463 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 16:33 - 2014-02-24 00:01 - 00495806 _____ () C:\Windows\system32\perfh011.dat
2014-08-01 16:33 - 2014-02-24 00:01 - 00133348 _____ () C:\Windows\system32\perfc011.dat
2014-08-01 16:33 - 2012-07-26 12:27 - 00742640 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 16:33 - 2012-07-26 12:27 - 00155698 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 16:33 - 2012-07-26 09:28 - 02367698 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 16:29 - 2013-08-27 23:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-01 16:29 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 16:26 - 2014-08-01 16:39 - 00050477 _____ () C:\Users\Jesse\Desktop\Defogger.exe
2014-08-01 16:26 - 2014-08-01 16:26 - 00000198 _____ () C:\Users\Jesse\defogger_reenable
2014-08-01 16:26 - 2013-08-26 12:21 - 00000000 ____D () C:\Users\Jesse
2014-08-01 16:17 - 2014-07-23 21:40 - 00000000 ____D () C:\The KMPlayer
2014-08-01 14:50 - 2014-07-31 16:52 - 00005120 _____ () C:\Windows\PFRO.log
2014-08-01 00:17 - 2013-10-06 02:33 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1963634514-369274596-1414496168-1001Core.job
2014-07-31 23:55 - 2014-04-17 16:39 - 00000000 ____D () C:\Users\Jesse\Desktop\Danbooru Downloader
2014-07-31 21:47 - 2014-07-31 21:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 21:15 - 2014-07-31 21:15 - 00001135 _____ () C:\Users\Jesse\Desktop\JRT.txt
2014-07-31 21:11 - 2014-07-31 21:11 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 20:35 - 2014-07-31 20:13 - 00000000 ____D () C:\AdwCleaner
2014-07-31 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 17:57 - 2013-11-07 08:28 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-07-31 16:53 - 2014-07-31 16:52 - 00455560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 01:34 - 2014-07-31 01:34 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-31 01:34 - 2014-07-31 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-31 01:34 - 2014-07-31 01:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 01:34 - 2014-07-31 01:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-30 21:06 - 2013-11-17 20:54 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\MPC-HC
2014-07-30 18:02 - 2014-07-30 18:02 - 00001344 _____ () C:\Users\Jesse\Desktop\CCleaner64.exe - Verknüpfung.lnk
2014-07-30 18:02 - 2013-10-05 22:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 17:47 - 2013-10-05 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-30 17:40 - 2013-10-27 22:27 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\DAEMON Tools Pro
2014-07-30 17:40 - 2013-08-29 20:25 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\uTorrent
2014-07-29 23:43 - 2014-07-29 23:16 - 00000000 ____D () C:\Users\Jesse\Desktop\Pixiv Downloader
2014-07-29 15:42 - 2014-04-17 16:15 - 00000000 ____D () C:\Program Files\Waterfox
2014-07-28 18:32 - 2014-07-28 18:32 - 00001122 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-07-28 18:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-28 18:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Resources
2014-07-28 18:12 - 2014-07-28 18:11 - 00000099 _____ () C:\Users\Jesse\Desktop\kackliste.txt
2014-07-28 15:28 - 2013-11-12 01:44 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\HandBrake
2014-07-28 12:54 - 2014-07-28 12:54 - 00001346 _____ () C:\Users\Jesse\Desktop\TrueCrypt.exe - Verknüpfung.lnk
2014-07-28 02:54 - 2013-08-26 13:59 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\vlc
2014-07-26 17:50 - 2013-09-02 08:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-26 17:48 - 2014-07-26 17:48 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Adobe
2014-07-26 16:03 - 2013-09-07 00:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-25 15:40 - 2014-07-25 15:40 - 00001340 _____ () C:\Users\Jesse\Desktop\Freemake Video Converter.lnk
2014-07-23 23:03 - 2014-07-23 20:02 - 00001042 _____ () C:\Users\Jesse\AppData\Roaming\coreavc.ini
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-07-23 20:18 - 2013-10-15 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-07-23 20:18 - 2013-10-15 21:10 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2014-07-23 20:16 - 2013-10-15 21:18 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Media Player Classic
2014-07-23 19:50 - 2014-07-23 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2014-07-23 19:50 - 2014-07-23 19:50 - 00000000 ____D () C:\Program Files (x86)\AC3Filter
2014-07-23 19:44 - 2014-07-23 19:44 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoreCodec
2014-07-23 19:44 - 2014-07-23 19:44 -
00000000 ____D () C:\Program Files (x86)\CoreCodec 2014-07-21 20:57 - 2013-11-12 01:50 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Subtitle Edit 2014-07-21 13:35 - 2014-06-20 04:02 - 00000000 ____D () C:\Users\Jesse\Desktop\skype 2014-07-21 01:20 - 2014-07-28 18:11 - 00000000 _____ () C:\Users\Jesse\Desktop\Zetsuen no tempest, welcome to nhk und chaos head schauen.txt 2014-07-20 14:54 - 2014-06-27 21:34 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Xfire 2014-07-20 14:54 - 2014-06-27 21:34 - 00000000 ____D () C:\ProgramData\Xfire 2014-07-20 14:53 - 2014-06-27 21:34 - 00000000 ____D () C:\Program Files (x86)\Xfire2 2014-07-20 14:48 - 2014-06-27 21:41 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server 2014-07-19 13:11 - 2013-08-29 19:34 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-19 03:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-07-16 01:07 - 2014-07-16 01:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-16 01:07 - 2014-04-29 01:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-16 01:07 - 2014-02-24 00:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-07-16 01:07 - 2013-09-07 00:34 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-16 01:07 - 2013-09-07 00:34 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-16 01:07 - 2013-09-07 00:34 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-16 01:07 - 2013-09-07 00:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-16 01:07 - 2013-09-07 00:34 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-16 01:07 - 2013-09-07 00:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-16 01:07 - 2013-08-26 14:05 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-13 00:10 - 2013-08-21 
23:18 - 00000024 _____ () C:\Users\Jesse\random.dat 2014-07-13 00:04 - 2013-11-01 20:58 - 00000023 _____ () C:\Users\Jesse\jagexappletviewer.preferences 2014-07-13 00:03 - 2013-08-21 23:18 - 00000044 _____ () C:\Users\Jesse\jagex_cl_runescape_LIVE.dat 2014-07-12 18:41 - 2013-10-20 19:37 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\TS3Client 2014-07-12 18:17 - 2013-10-20 19:37 - 00000000 ____D () C:\Users\Jesse\AppData\Local\TeamSpeak 3 Client 2014-07-12 17:21 - 2014-01-02 04:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-12 17:21 - 2014-01-02 04:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-11 17:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-07-10 18:01 - 2014-07-10 18:01 - 00001174 _____ () C:\Users\Jesse\Desktop\SpeedAutoClicker.exe - Verknüpfung.lnk 2014-07-10 01:23 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 01:23 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-10 01:23 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-10 01:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-07-10 00:42 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-07-10 00:41 - 2013-08-29 05:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 00:40 - 2013-02-16 14:59 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-10 00:40 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-07-09 21:14 - 2013-12-08 02:07 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Paint.NET Files to move or delete: ==================== C:\Users\Jesse\jagex_cl_runescape_LIVE.dat C:\Users\Jesse\random.dat Some content of TEMP: ==================== C:\Users\Jesse\AppData\Local\Temp\proxy_vole2943924163327353206.dll 
C:\Users\Jesse\AppData\Local\Temp\proxy_vole5799442691773055016.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-01 15:40
==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014
Ran by Jesse at 2014-08-01 20:10:37
Running from E:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS B14.0418.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B14.0418.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
[Astyles.Org][Win8] Hatsune Miku By HT 1.00 (HKLM-x32\...\[Astyles.Org][Win8] Hatsune Miku By HT 1.00) (Version: 1.00 - Astyles.Org)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.1 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Hidden Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Aegisub 2.1.9 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 2.1.9 - Aegisub Team) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Alice: Madness Returns (CREATED BY XEONKINGゥ) (HKLM-x32\...\ALICE MADNESS RETURNS_is1) (Version: - ) AllToAVI v4 r5394 (HKLM-x32\...\AllToAVI) (Version: v4 r5394 - Genesis Kiith Zio Matrix) Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games) Anker Precision Laser Gaming Mouse version 1.2 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.2 - ANKER Technology) Anki (HKLM-x32\...\Anki) (Version: - ) APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.0429 - Gigabyte) APP Center (x32 Version: 1.14.0429 - Gigabyte) Hidden Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - ) Belkin 54Mbps Wireless Network Adapter (HKLM-x32\...\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}) (Version: 1.00.01 - Belkin) Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) CoreAVC Professional Edition (remove only) (HKLM-x32\...\CoreAVC Professional Edition) (Version: - ) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version: - Microsoft) DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version: - ) Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) f.lux (HKCU\...\Flux) (Version: - ) ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - ) FileZilla Client 3.7.4.1 (HKCU\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.43 - FileZilla Project) ƒNƒ‰ƒX‘Sˆõƒ}ƒa‚Å‚ä‚èI (HKLM-x32\...\MADIYURI) (Version: - ) Free Audio Converter version 5.0.43.605 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.) 
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Grabber version 3.4.1 (HKLM-x32\...\{8C007AE6-3F7D-41CC-AB7C-75C08C276EC8}_is1) (Version: 3.4.1 - Bionus) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - ) Honeyview (HKLM\...\Honeyview) (Version: 5.02 - Bandisoft.com) Intel Extreme Tuning Utility (HKLM-x32\...\{185df49c-e692-4c00-a9ff-827bc6f4c8bf}) (Version: 4.4.0.4 - Intel Corporation) Intel Extreme Tuning Utility (x32 Version: 4.4.0.4 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden Intelョ Watchdog Timer Driver (Intelョ WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Intelョ Watchdog Timer Driver (Intelョ WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 55 
(HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java(TM) 6 Update 43 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216043FF}) (Version: 6.0.430 - Oracle) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - ) LAV Filters 0.58.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.58.2 - Hendrik Leppkes) lightshot-3.4.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 3.4.0.0 - Skillbrains) Lyrics Seeker (HKLM-x32\...\{00698672-bc5e-4478-a102-b5fa0ec8c5cf}) (Version: - Lyris Seeker Addon) <==== ATTENTION Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) ManyCam 4.0.44 (HKLM-x32\...\ManyCam) (Version: 4.0.44 - Visicom Media Inc.) 
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft 
Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (Version: 
15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.) MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus) Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version: - GameTuts) MorphVOX Pro (HKLM-x32\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 - Screaming Bee) Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team) MPC-HC 1.7.6 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team) MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) 
Hidden Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.46.0 - Black Tree Gaming) NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.10.297 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Outlast (HKLM-x32\...\Outlast_is1) (Version: - ) Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - ) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder) Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) 
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) saaveenoshArre (HKLM-x32\...\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}) (Version: 2.2.0.1292 - Savenshhare) <==== ATTENTION Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.1.1307.29) (Version: 2.1.1307.29 - Solveig Multimedia) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) StartIsBack (HKLM-x32\...\StartIsBack) (Version: - startisback.com) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Subtitle Edit 3.3.9 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.9.2149 - Nikse) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) The Elder Scrolls Skyrim V - Ultimate Legendary Edition 1.00 (HKLM-x32\...\The Elder Scrolls Skyrim V - Ultimate Legendary Edition 1.00) (Version: 1.00 - Ecos) The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.126 - PandoraTV) ThumbsPlus 7x (deutsch) (HKLM-x32\...\ThumbsPlus7x) (Version: - Atlantic Software Exchange, Inc.) 
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.04.000 - Ubisoft) Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.02 - Ubisoft) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation) Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation) Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation) Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CE9A9D7C-B6FB-4F6C-8BDE-9A1ADBBAC1EE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) 
(Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition 
(HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{00BBBFFE-8889-4953-956A-77DDE975A947}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUS_{BF0D921F-E77E-4E03-BE71-46D9D2C7A36A}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition 
(HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone) VLC media player 2.1.0-pre1 (HKLM\...\VLC media player) (Version: 2.1.0-pre1 - VideoLAN) VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) Warframe (HKLM-x32\...\{4C8CFCAF-4589-46E7-ABB8-438A73CF4996}) (Version: 1.0.0 - Digital Extremes) Waterfox 31.0 (x64 en-US) (HKLM\...\Waterfox 31.0 (x64 en-US)) (Version: 31.0 - Mozilla) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.) 
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version: - ) xy-VSFilter 3.0.0.211 (HKLM-x32\...\xy-VSFilter_is1) (Version: 3.0.0.211 - xy-VSFilter Team) Yume Nikki 0.10 English (HKCU\...\Yume Nikki 0.10 English) (Version: - ) コンテンツ管理アシスタント for PlayStation(R) (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jesse\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jesse\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jesse\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1963634514-369274596-1414496168-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jesse\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 12-07-2014 15:20:50 Windows Update 15-07-2014 23:06:33 avast! antivirus system restore point 25-07-2014 19:38:43 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {23C612A2-26C6-416E-BCB2-A7E5B1D62975} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation) Task: {49ED06A6-A793-4F6F-846C-18DD76A37094} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Berserk-Jesse Berserk => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation) Task: {4C9B7FD6-CDBE-419E-91B1-08AACCBDC3E5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software) Task: {50911FCF-12A4-4B4C-BE22-D32C3FEC273F} - System32\Tasks\Windows Defender Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2014-03-29] (Microsoft Corporation) Task: {69BD4032-C1E1-4719-B762-5F6BB7EF8B4F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {70BB714C-4B99-4276-AE1C-CB5805EA9F22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1963634514-369274596-1414496168-1001Core => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) Task: {93595F45-4B3C-4493-BCEA-54E4A804D259} - System32\Tasks\update-S-1-5-21-1963634514-369274596-1414496168-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-01-16] () Task: {A2DD14CC-427E-46BE-B85A-56FB98853DA3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] () Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CA62B801-53F5-4848-BA67-1F6666F56DD1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {D1A87EE1-D34C-4F11-80A4-07D8A7CE9A4F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1963634514-369274596-1414496168-1001UA => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) 
Task: {D9B2A5C4-BF1B-4958-AF22-5F2251250586} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-01-16] () Task: {E7BEEEDD-5D17-4682-B756-F522A8B203DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F4BC2F9B-10AD-47DF-8601-AC5C5E55F7A6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {FE2D5D5D-9CA8-47BA-A7A5-8DD8C396034F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1963634514-369274596-1414496168-1001Core.job => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1963634514-369274596-1414496168-1001UA.job => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-1963634514-369274596-1414496168-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-26 13:17 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe 2014-08-01 18:59 - 2014-08-01 18:59 - 00040448 ____N () C:\Users\Jesse\AppData\Local\Temp\proxy_vole5799442691773055016.dll 2014-08-01 18:59 - 2014-08-01 18:59 - 00566439 _____ () 
C:\Users\Jesse\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2014-08-01 18:59 - 2014-08-01 18:59 - 04078962 _____ () C:\Users\Jesse\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2014-07-16 01:06 - 2014-07-16 01:06 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-01 14:51 - 2014-08-01 14:51 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080100\algo.dll 2012-11-27 15:03 - 2012-11-27 15:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL 2014-07-16 01:06 - 2014-07-16 01:06 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-05-30 00:46 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-04-29 16:33 - 2014-04-29 16:33 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-07-18 20:18 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Jesse\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-18 20:18 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Jesse\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-18 20:18 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Jesse\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-18 20:18 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Jesse\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-18 20:18 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Jesse\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData:{7a41823e-77c5-4285-afd4-98e2d850be14} AlternateDataStreams: C:\Users\All Users:{7a41823e-77c5-4285-afd4-98e2d850be14} AlternateDataStreams: C:\ProgramData\Anwendungsdaten:{7a41823e-77c5-4285-afd4-98e2d850be14} AlternateDataStreams: C:\ProgramData\Application Data:{7a41823e-77c5-4285-afd4-98e2d850be14} AlternateDataStreams: C:\Users\Jesse\Druckumgebung:{7a41823e-77c5-4285-afd4-98e2d850be14} AlternateDataStreams: C:\Users\Jesse\Netzwerkumgebung:{7a41823e-77c5-4285-afd4-98e2d850be14} AlternateDataStreams: C:\Users\Jesse\Vorlagen:{7a41823e-77c5-4285-afd4-98e2d850be14} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\StartupFolder: => "Inhaltsmanager-Assistent für PlayStation(R).lnk" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "Eraser" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "Aeria Ignite" HKLM\...\StartupApproved\Run32: => "D3DOverrider" HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKCU\...\StartupApproved\Run: => "F.lux" HKCU\...\StartupApproved\Run: => "ManyCam" HKCU\...\StartupApproved\Run: => "uTorrent" HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2014 08:05:38 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. 
Error: (08/01/2014 07:46:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SoftonicDownloader_fuer_lightshot.exe, Version 1.41.3.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9fc Startzeit: 01cfadaeb2bc3e6e Endzeit: 1 Anwendungspfad: E:\Downloads\SoftonicDownloader_fuer_lightshot.exe Berichts-ID: cf3bd9fa-19a3-11e4-802b-94de8069fb71 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/01/2014 07:33:28 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/01/2014 07:33:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/01/2014 07:33:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. 
Error: (08/01/2014 05:03:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Skype.exe, Version 6.16.59.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12b0 Startzeit: 01cfad950f10dd85 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: 0f36955d-198d-11e4-802b-94de8069fb71 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/01/2014 04:38:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. 
Error: (08/01/2014 04:29:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x000007ff9b060368 ID des fehlerhaften Prozesses: 0x940 Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0 Pfad der fehlerhaften Anwendung: Service_KMS.exe1 Pfad des fehlerhaften Moduls: Service_KMS.exe2 Berichtskennung: Service_KMS.exe3 Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5 Error: (08/01/2014 03:41:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. 
Error: (08/01/2014 02:52:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x000007f9b44d0368 ID des fehlerhaften Prozesses: 0x9c8 Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0 Pfad der fehlerhaften Anwendung: Service_KMS.exe1 Pfad des fehlerhaften Moduls: Service_KMS.exe2 Berichtskennung: Service_KMS.exe3 Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5 System errors: ============= Error: (08/01/2014 04:30:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/01/2014 04:29:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/01/2014 04:27:19 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (08/01/2014 02:52:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/01/2014 02:52:01 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/01/2014 02:51:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (08/01/2014 02:50:54 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/01/2014 00:34:38 AM) (Source: DCOM) (EventID: 10010) (User: Berserk) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (08/01/2014 00:34:08 AM) (Source: DCOM) (EventID: 10010) (User: Berserk) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (08/01/2014 00:33:38 AM) (Source: DCOM) (EventID: 10010) (User: Berserk) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Microsoft Office Sessions: ========================= Error: (08/01/2014 08:05:38 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\SoftonicDownloader_fuer_lightshot.exe Error: (08/01/2014 07:46:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SoftonicDownloader_fuer_lightshot.exe1.41.3.49fc01cfadaeb2bc3e6e1E:\Downloads\SoftonicDownloader_fuer_lightshot.execf3bd9fa-19a3-11e4-802b-94de8069fb71 Error: (08/01/2014 07:33:28 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\SoftonicDownloader_fuer_lightshot.exe Error: (08/01/2014 07:33:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\SoftonicDownloader_fuer_lightshot.exe Error: (08/01/2014 07:33:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\SoftonicDownloader_fuer_lightshot.exe Error: (08/01/2014 05:03:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe6.16.59.10512b001cfad950f10dd854294967295C:\Program Files (x86)\Skype\Phone\Skype.exe0f36955d-198d-11e4-802b-94de8069fb71 Error: (08/01/2014 04:38:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\esetsmartinstaller_deu.exe Error: (08/01/2014 04:29:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007ff9b06036894001cfad950a922f0eC:\Program Files\KMSpico\Service_KMS.exeunknown4eaa2915-1988-11e4-802b-94de8069fb71 Error: (08/01/2014 03:41:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online 
scanner\ESETSmartInstaller.exe Error: (08/01/2014 02:52:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007f9b44d03689c801cfad876989de8eC:\Program Files\KMSpico\Service_KMS.exeunknownad803db1-197a-11e4-802a-94de8069fb71 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 8079.15 MB Available physical RAM: 5304.05 MB Total Pagefile: 11279.15 MB Available Pagefile: 8615.78 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:111.45 GB) (Free:46.85 GB) NTFS Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:144.92 GB) NTFS Drive k: (Volume) (Fixed) (Total:2794.39 GB) (Free:2596.58 GB) NTFS Drive m: () (Fixed) (Total:1863.01 GB) (Free:120.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3E2D48AF) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 36820B97) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F8740EFE) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 20:31 on 01/08/2014 by Jesse Administrator - Elevation successful ========== filefind ========== Searching for "*bprotector*" No files found. Searching for "*Iminent*" No files found. Searching for "*LyricsContainer*" No files found. Searching for "*Babylon*" No files found. Searching for "*BrowserDefender*" No files found. Searching for "*BabSolution*" No files found. Searching for "*RadioRage*" No files found. Searching for "*Conduit*" No files found. Searching for "*ilivid*" No files found. Searching for "*DataMngr*" No files found. ========== folderfind ========== Searching for "*bprotector*" No folders found. Searching for "*Iminent*" No folders found. Searching for "*LyricsContainer*" No folders found. Searching for "*Babylon*" No folders found. Searching for "*BrowserDefender*" No folders found. Searching for "*BabSolution*" No folders found. Searching for "*RadioRage*" No folders found. Searching for "*Conduit*" No folders found. Searching for "*ilivid*" No folders found. Searching for "*DataMngr*" No folders found. ========== regfind ========== Searching for "bprotector" No data found. Searching for "Iminent" [HKEY_CURRENT_USER\Software\BitTorrent\uTorrent] "OfferName"="Iminent" [HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\BitTorrent\uTorrent] "OfferName"="Iminent" Searching for "LyricsContainer" No data found. 
Searching for "Babylon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" Searching for "BrowserDefender" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] "DllName"="PCTBrowserDefender.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}] "DllName"="PCTBrowserDefender.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] "DllName"="PCTBrowserDefender.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}] "DllName"="PCTBrowserDefender.dll" Searching for "BabSolution" No data found. Searching for "RadioRage" No data found. Searching for "Conduit" No data found. 
Searching for "ilivid" [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup_C-r484-t-bf.exe] [HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid] [HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid] Searching for "DataMngr" No data found. -= EOF =-
Edited by maskkulin (01.08.2014 at 19:38) |
02.08.2014, 20:14 | #4 |
/// the machine /// TB trainer | Remnants of toolbars or similar found Passwords have nothing to do with Firefox anyway. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.08.2014, 22:22 | #5 |
| Remnants of toolbars or similar found As you can see, SystemLook still found remnants of "Iminent", "Babylon", "BrowserDefender" and "ilivid". I don't know whether that's bad.. |
03.08.2014, 07:08 | #6 |
/// the machine /// TB trainer | Remnants of toolbars or similar found The question was rather whether YOU still notice anything, before I now fix the inactive remnants out of the registry while you still actively have problems
03.08.2014, 16:02 | #7 |
| Remnants of toolbars or similar found No, I don't notice anything |
04.08.2014, 09:35 | #8 |
/// the machine /// TB trainer | Remnants of toolbars or similar found Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for file type please choose "All files") Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
[-HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\BitTorrent\uTorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup_C-r484-t-bf.exe]
[-HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid]
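Added example (not part of the original thread): a Python check that reads a deletion .reg file like the one above and compares its `[-KEY]` entries with the keys a SystemLook regfind log reported, so that deletions the log does not account for, and plain `[KEY]` lines that would create keys, stand out before the file is imported. The inputs are short excerpts of the log and regfix.reg from this thread; the function names are made up for illustration.

```python
import re

# Excerpts of the SystemLook regfind log and of regfix.reg from this thread.
SCAN_LOG = r'''Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
Searching for "ilivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup_C-r484-t-bf.exe]
Searching for "RadioRage"
No data found.
'''

REG_FIX = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup_C-r484-t-bf.exe]
'''

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")
KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")

def parse_keys(text):
    """Return (plain, deleted): keys from [KEY] lines and from [-KEY] lines."""
    plain, deleted = set(), set()
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m or not m.group(2).startswith(HIVES):
            continue  # value lines, "Searching for ..." headers, file header
        # Registry key names are case-insensitive, so compare in lower case.
        (deleted if m.group(1) else plain).add(m.group(2).lower())
    return plain, deleted

def review_fix(scan_log, reg_fix):
    """Compare a deletion .reg file with the scan log it is based on."""
    scan_hits, _ = parse_keys(scan_log)
    created, deleted = parse_keys(reg_fix)
    return {
        "not_in_scan": sorted(deleted - scan_hits),  # deletions this log excerpt does not show
        "not_fixed": sorted(scan_hits - deleted),    # scan hits the fix leaves in place
        "creates_keys": sorted(created),             # [KEY] without "-" creates or edits a key
    }

if __name__ == "__main__":
    for label, keys in review_fix(SCAN_LOG, REG_FIX).items():
        print(label, keys)
```

Because the log input here is only an excerpt, `not_in_scan` means "not in the lines supplied"; feed the complete log to judge the complete fix.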
04.08.2014, 18:45 | #9 |
| Remnants of toolbars or similar found Perfect, now nothing more was found, I didn't know it was that easy. Many thanks |
05.08.2014, 12:39 | #10 |
/// the machine /// TB trainer | Remnants of toolbars or similar found Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend toward somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
07.08.2014, 22:47 | #11 |
| Remnants of toolbars or similar found Thanks again, I have now taken care of everything and recommended your forum to others |
08.08.2014, 16:33 | #12 |
/// the machine /// TB trainer | Remnants of toolbars or similar found You're welcome