Log analysis and evaluation: Programs minimize automatically
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.01.2015, 13:59 | #1 |
Programs minimize automatically

Hello everyone, for quite a while I have had the problem that programs minimize themselves automatically, especially games. At first I thought it was related to the message that suddenly started appearing ("Windows 7 - Build 7601 - This copy of Windows is not genuine"; I have had Windows 7 since it first came on the market), but a thread in this community taught me otherwise.

What I changed on the PC: upgraded motherboard and CPU.

My rig:
Intel Core i5 4670K
Windows 7 64-bit
Mainboard: G1.Sniper Z87
4 GB RAM
NVIDIA GeForce GTS 450

I have the Avast Free Antivirus program.

Last quick scan: C:/Users/Movco/AppData/Roaming/OpenCandy/584A7A8B0EC840248534A50D67103013/search_protect_global.exe
Threat: Wind32:Adware-CBY(Adw)

Here are the logs (UI Tracking) Code:
I hope that is right. Thanks in advance.
06.01.2015, 14:02 | #2 |
/// the machine /// TB Trainer
Programs minimize automatically

hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
06.01.2015, 14:12 | #3 |
Programs minimize automatically

So, here
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Movco (administrator) on MOVCO-PC on 06-01-2015 14:08:30
Running from C:\Users\Movco\Downloads
Loaded Profile: Movco (Available profiles: Movco)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Razer, Inc.) C:\Users\Movco\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [976896 2012-11-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Run: [Spotify Web Helper] => C:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\MountPoints2: {c67039f1-b857-11e3-8faf-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\MountPoints2: {dcd33c48-b812-11e3-befa-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-01] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=1182&r=2014/05/04&hid=11313193503170806373&lg=EN&cc=DE&unqvl=51
SearchScopes: HKU\S-1-5-21-4251330435-999982884-650065621-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4251330435-999982884-650065621-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4251330435-999982884-650065621-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=1182&r=2014/05/04&hid=11313193503170806373&lg=EN&cc=DE&unqvl=51
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-4251330435-999982884-650065621-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-30]

Chrome:
=======
CHR Profile: C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Google-Suche) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (AdBlock) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-30]
CHR Extension: (One Piece Theme) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkhkehkllpkocgnlbkmpkcicednmbfnp [2014-03-30]
CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Google Mail) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR Extension: (Extutil) - C:\Users\Movco\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-11]
CHR Extension: (Managera) - C:\Users\Movco\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-06] (Avast Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2014-04-29] (Creative Technology Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S4 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-06] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598840 2013-05-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3wareDrv; C:\Windows\system32\DRIVERS\3wareDrv.sys [102400 2009-08-31] (AMCC)
S3 adp3132; C:\Windows\system32\DRIVERS\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1050904 2014-04-29] (Creative Technology Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-06] (Avast Software)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 14:08 - 2015-01-06 14:09 - 00023278 _____ () C:\Users\Movco\Downloads\FRST.txt
2015-01-06 14:08 - 2015-01-06 14:08 - 00000000 ____D () C:\FRST
2015-01-06 14:07 - 2015-01-06 14:07 - 02123776 _____ (Farbar) C:\Users\Movco\Downloads\FRST64.exe
2015-01-06 13:40 - 2015-01-06 13:40 - 01529856 _____ () C:\Users\Movco\Downloads\Log.db
2015-01-06 11:43 - 2015-01-06 11:43 - 00000000 ____D () C:\Users\Movco\Desktop\skrm_conf_1_6-814-1-6
2015-01-06 11:43 - 2015-01-06 11:42 - 07661087 _____ () C:\Users\Movco\Desktop\skrm_conf_1_6-814-1-6.zip
2015-01-06 11:42 - 2015-01-06 11:42 - 07661087 _____ () C:\Users\Movco\Downloads\skrm_conf_1_6-814-1-6.zip
2015-01-06 10:45 - 2015-01-06 10:45 - 00000000 ____D () C:\Users\Movco\Desktop\SSME - Skyrim Startup Memory Editor-50305-1-8-0-0 (1)
2015-01-06 10:45 - 2015-01-06 10:44 - 00007383 _____ () C:\Users\Movco\Desktop\SSME - Skyrim Startup Memory Editor-50305-1-8-0-0 (1).zip
2015-01-06 10:44 - 2015-01-06 10:44 - 00007383 _____ () C:\Users\Movco\Downloads\SSME - Skyrim Startup Memory Editor-50305-1-8-0-0 (1).zip
2015-01-06 10:02 - 2015-01-06 10:02 - 00002304 _____ () C:\Users\Movco\Desktop\Skyrim (SKSE).lnk
2015-01-06 10:00 - 2015-01-06 10:00 - 00313875 _____ () C:\Users\Movco\Downloads\skse_1_07_01_installer (2).exe
2015-01-05 17:23 - 2015-01-05 17:23 - 00000857 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-01-05 17:23 - 2015-01-05 17:23 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager 2015-01-05 17:23 - 2015-01-05 17:23 - 00000000 ____D () C:\Program Files\Nexus Mod Manager 2015-01-05 17:19 - 2015-01-05 17:20 - 04282672 _____ (Black Tree Gaming ) C:\Users\Movco\Downloads\Nexus Mod Manager-0.52.3.exe 2015-01-05 17:02 - 2015-01-05 17:02 - 00000197 _____ () C:\Windows\system32\2015-01-05-16-02-23.061-AvastVBoxSVC.exe-3640.log 2015-01-05 12:22 - 2015-01-05 12:22 - 00000197 _____ () C:\Windows\system32\2015-01-05-11-22-08.085-AvastVBoxSVC.exe-3216.log 2015-01-05 02:07 - 2015-01-05 02:07 - 00000000 ____D () C:\Users\Movco\AppData\Local\RzStats 2015-01-05 01:57 - 2015-01-05 01:57 - 00000197 _____ () C:\Windows\system32\2015-01-05-00-57-42.064-AvastVBoxSVC.exe-3756.log 2015-01-04 15:07 - 2015-01-04 15:07 - 00000197 _____ () C:\Windows\system32\2015-01-04-14-07-23.057-AvastVBoxSVC.exe-3196.log 2015-01-03 11:43 - 2015-01-03 11:43 - 00000112 _____ () C:\Users\Movco\AppData\Roaming\JP2K CS6 Prefs 2015-01-03 11:09 - 2015-01-03 11:10 - 00000197 _____ () C:\Windows\system32\2015-01-03-10-09-54.097-AvastVBoxSVC.exe-3836.log 2015-01-02 16:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-02 16:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-01-02 16:28 - 2015-01-02 16:28 - 00000197 _____ () C:\Windows\system32\2015-01-02-15-28-24.077-AvastVBoxSVC.exe-3372.log 2014-12-19 04:22 - 2014-12-19 04:22 - 00009728 _____ (Razer Inc.) 
C:\Windows\SysWOW64\RzStats.IPC.dll 2014-12-17 19:19 - 2014-12-17 19:19 - 00000300 _____ () C:\Users\Movco\Downloads\BK_ADKO_000275DE_mp332_A2DQJ3546IXBC4.adh 2014-12-17 15:04 - 2014-12-17 15:04 - 00000197 _____ () C:\Windows\system32\2014-12-17-14-04-04.039-AvastVBoxSVC.exe-3320.log 2014-12-16 15:16 - 2014-12-16 15:16 - 00000197 _____ () C:\Windows\system32\2014-12-16-14-16-03.014-AvastVBoxSVC.exe-3560.log 2014-12-16 09:58 - 2014-12-16 09:58 - 00000197 _____ () C:\Windows\system32\2014-12-16-08-58-43.017-AvastVBoxSVC.exe-2732.log 2014-12-15 16:33 - 2014-12-15 16:33 - 00000197 _____ () C:\Windows\system32\2014-12-15-15-33-10.095-AvastVBoxSVC.exe-3756.log 2014-12-15 07:53 - 2014-12-15 07:53 - 00000197 _____ () C:\Windows\system32\2014-12-15-06-53-24.053-AvastVBoxSVC.exe-3712.log 2014-12-13 18:08 - 2014-12-13 18:08 - 00000197 _____ () C:\Windows\system32\2014-12-13-17-08-33.036-AvastVBoxSVC.exe-3608.log 2014-12-13 16:43 - 2014-12-13 16:43 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-43-01.099-AvastVBoxSVC.exe-1196.log 2014-12-13 08:03 - 2014-12-13 08:03 - 00000197 _____ () C:\Windows\system32\2014-12-13-07-03-19.090-AvastVBoxSVC.exe-3520.log 2014-12-12 22:15 - 2014-12-12 22:15 - 00000300 _____ () C:\Users\Movco\Downloads\BK_ADKO_000274DE_mp332_A2DQJ3546IXBC4.adh 2014-12-12 21:50 - 2014-12-12 21:50 - 00000197 _____ () C:\Windows\system32\2014-12-12-20-50-31.006-AvastVBoxSVC.exe-3400.log 2014-12-12 11:40 - 2014-12-12 11:40 - 00000197 _____ () C:\Windows\system32\2014-12-12-10-40-48.037-AvastVBoxSVC.exe-3920.log 2014-12-11 17:26 - 2014-12-11 17:26 - 00000197 _____ () C:\Windows\system32\2014-12-11-16-26-12.014-AvastVBoxSVC.exe-3952.log 2014-12-11 08:13 - 2014-12-11 08:13 - 00000197 _____ () C:\Windows\system32\2014-12-11-07-13-22.047-AvastVBoxSVC.exe-3836.log 2014-12-11 03:25 - 2014-12-11 03:25 - 00000197 _____ () C:\Windows\system32\2014-12-11-02-25-36.097-AvastVBoxSVC.exe-4952.log 2014-12-10 21:16 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2014-12-10 21:16 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 21:16 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 21:16 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 21:16 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 21:16 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 21:16 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 21:16 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 21:16 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 21:16 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 21:16 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 21:16 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 21:16 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 21:16 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 21:16 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 21:16 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 21:16 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 21:16 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 21:16 - 2014-11-22 03:22 - 00490496 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 21:16 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 21:16 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 21:16 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 21:16 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 21:16 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 21:16 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 21:16 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 21:16 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 21:16 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 21:16 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 21:16 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 21:16 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 21:16 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 21:16 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 21:16 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 21:16 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 21:16 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 21:16 - 2014-11-22 02:46 - 02125312 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 21:16 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 21:16 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 21:16 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 21:16 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 21:16 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 21:16 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 21:16 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 21:16 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 21:16 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 21:16 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 21:16 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 21:16 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 21:16 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 21:16 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 21:16 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 21:16 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 21:16 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 21:15 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll 2014-12-10 21:15 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 13:46 - 2014-12-10 13:53 - 92658088 _____ (Oracle Corporation) C:\Users\Movco\Downloads\jre-8u25-windows-x64.exe 2014-12-10 13:42 - 2014-12-10 13:43 - 00000197 _____ () C:\Windows\system32\2014-12-10-12-42-44.051-AvastVBoxSVC.exe-3776.log 2014-12-09 21:38 - 2014-12-09 21:39 - 00000197 _____ () C:\Windows\system32\2014-12-09-20-38-55.076-AvastVBoxSVC.exe-3412.log 2014-12-09 15:36 - 2014-12-09 15:37 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-36-48.068-AvastVBoxSVC.exe-3212.log 2014-12-09 06:46 - 2012-09-10 00:24 - 2140796243 _____ () C:\Users\Movco\Desktop\Waltz with Bashir Teil 2.mpg 2014-12-09 06:46 - 2012-09-09 22:44 - 84231023 _____ () C:\Users\Movco\Desktop\Waltz with Bashir Teil 1.mpg 2014-12-08 17:40 - 2014-12-08 17:40 - 00000197 _____ () C:\Windows\system32\2014-12-08-16-40-00.092-AvastVBoxSVC.exe-3780.log 2014-12-07 12:11 - 2014-12-07 12:11 - 00000197 _____ () C:\Windows\system32\2014-12-07-11-11-22.060-AvastVBoxSVC.exe-3708.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-06 14:06 - 2014-06-29 16:06 - 00000000 ____D () C:\Users\Movco\AppData\Local\Battle.net 2015-01-06 13:49 - 2014-03-30 14:39 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-06 13:00 - 2009-07-14 05:45 - 00014064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-06 13:00 - 2009-07-14 05:45 - 00014064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-06 12:29 - 2014-03-30 15:04 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-06 11:51 - 2014-04-19 19:30 - 00000000 ____D () C:\Users\Movco\AppData\Local\Akamai 2015-01-06 11:41 - 2014-03-30 16:53 - 00000000 ____D () C:\Users\Movco\AppData\Local\Skyrim 2015-01-06 11:35 - 2012-06-29 19:00 - 00000000 ____D () C:\Users\Movco\Documents\Nexus Mod Manager 2015-01-06 09:54 - 2014-03-30 18:27 - 00000000 ____D () C:\Users\Movco\AppData\Local\Black_Tree_Gaming 2015-01-06 06:44 - 2014-03-30 23:12 - 01952141 _____ () C:\Windows\WindowsUpdate.log 2015-01-06 02:39 - 2014-03-31 18:32 - 00000000 ____D () C:\Users\Movco\AppData\Roaming\Spotify 2015-01-06 02:00 - 2014-04-21 11:03 - 00000000 ____D () C:\Users\Movco\AppData\Local\Adobe 2015-01-06 00:42 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-05 22:08 - 2014-11-25 21:19 - 00000132 _____ () C:\Users\Movco\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2015-01-05 21:42 - 2014-11-10 20:09 - 00000000 ____D () C:\Users\Movco\AppData\Roaming\TS3Client 2015-01-05 19:39 - 2014-03-30 14:52 - 00064864 _____ () C:\Users\Movco\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-05 17:11 - 2014-04-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-01-05 17:11 - 2014-04-03 07:36 - 00000000 ____D () C:\Users\Movco\AppData\Roaming\Adobe 2015-01-05 17:02 - 2014-03-30 19:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-01-05 16:59 - 2014-03-30 16:06 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-05 16:59 - 2014-03-30 14:39 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-05 16:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-05 16:59 - 2009-07-14 05:51 - 00114941 _____ () C:\Windows\setupact.log 2015-01-03 12:41 - 2013-04-30 22:04 - 00000000 ____D () C:\Program Files (x86)\StarCraft II 2015-01-03 11:18 - 2014-04-19 18:07 - 00000000 ____D () C:\Users\Movco\Desktop\Bilder und Bearbeitungstools 2015-01-02 18:52 - 2009-07-14 18:58 - 00700454 _____ () C:\Windows\system32\perfh007.dat 2015-01-02 18:52 - 2009-07-14 18:58 - 00150092 _____ () C:\Windows\system32\perfc007.dat 2015-01-02 18:52 - 2009-07-14 06:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-02 16:45 - 2014-03-31 18:34 - 00000000 ____D () C:\Users\Movco\AppData\Local\Spotify 2014-12-17 20:17 - 2014-11-12 17:32 - 00000000 ____D () C:\Users\Movco\AppData\Local\Audible 2014-12-11 08:38 - 2014-06-29 16:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-12-11 04:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 03:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 03:05 - 2014-04-24 03:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 03:01 - 2014-04-24 03:28 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 13:55 - 2014-04-26 19:19 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-10 13:55 - 2014-04-26 19:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-12-10 13:55 - 2014-04-26 19:05 - 00000000 ____D () C:\Program Files\Java 2014-12-09 23:21 - 2014-12-06 12:43 - 00037184 _____ (Razer, Inc.) 
C:\Windows\system32\Drivers\rzpmgrk.sys Some content of TEMP: ==================== C:\Users\Movco\AppData\Local\Temp\AcDeltree.exe C:\Users\Movco\AppData\Local\Temp\DLMGuardian.exe C:\Users\Movco\AppData\Local\Temp\down.7128.newtab_setup.exe C:\Users\Movco\AppData\Local\Temp\drm_dialogs.dll C:\Users\Movco\AppData\Local\Temp\i4jdel0.exe C:\Users\Movco\AppData\Local\Temp\ICReinstall_JDSetup130423960477733861.exe C:\Users\Movco\AppData\Local\Temp\JDSetup130423960477733861.exe C:\Users\Movco\AppData\Local\Temp\jna1241059675365182726.dll C:\Users\Movco\AppData\Local\Temp\jna1517270374999723891.dll C:\Users\Movco\AppData\Local\Temp\jna4584394682996279053.dll C:\Users\Movco\AppData\Local\Temp\jna4700818391728582711.dll C:\Users\Movco\AppData\Local\Temp\jna5923969612968548015.dll C:\Users\Movco\AppData\Local\Temp\jna6175204416666891635.dll C:\Users\Movco\AppData\Local\Temp\jna8048457305748890003.dll C:\Users\Movco\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Movco\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.2.exe C:\Users\Movco\AppData\Local\Temp\nsbE358.exe C:\Users\Movco\AppData\Local\Temp\nslA03B.exe C:\Users\Movco\AppData\Local\Temp\nsqDE86.exe C:\Users\Movco\AppData\Local\Temp\nswA3D5.exe C:\Users\Movco\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Movco\AppData\Local\Temp\nvStInst.exe C:\Users\Movco\AppData\Local\Temp\sonarinst.exe C:\Users\Movco\AppData\Local\Temp\sp-downloader.exe C:\Users\Movco\AppData\Local\Temp\SPSetup.exe C:\Users\Movco\AppData\Local\Temp\Tsu2E6633CC.dll C:\Users\Movco\AppData\Local\Temp\_is7696.exe C:\Users\Movco\AppData\Local\Temp\__pythonRunner.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-05 18:27 ==================== End Of Log ============================ --- --- --- And here Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015 Ran by Movco at 2015-01-06 14:09:21 Running from C:\Users\Movco\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) abrMate version 1.1 (HKLM-x32\...\abrMate_is1) (Version: 1.1 - ) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1999256830.48.56.11545258 - Audible, Inc.) 
Autodesk 3ds Max Design 2012 64-bit - German (HKLM\...\Autodesk 3ds Max Design 2012 64-bit - German) (Version: 14.0 - Autodesk) Autodesk 3ds Max Design 2012 64-bit - German (Version: 14.0 - Autodesk) Hidden Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.) Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit) (Version: - Autodesk) Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk) Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk) Autodesk Mudbox 2013 64-bit (HKLM\...\Autodesk Mudbox 2013 64-bit) (Version: 7.0.2.121 - Autodesk) Autodesk Mudbox 2013 64-bit (Version: 7.0.2.121 - Autodesk) Hidden Autodesk Mudbox 2013 64-bit SP2 (HKLM\...\Autodesk Mudbox 2013 64-bit SP2) (Version: 7.0.2.121 - Autodesk) Autodesk SketchBook Express 6.2.5 (HKLM-x32\...\{5EA37DCA-9B9F-41F4-93DA-E0821007CEAC}) (Version: 6.25.0000 - Autodesk) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Composite 2012 64-bit (HKLM\...\{EA234BC3-39FE-4734-B72F-076086889F6D}) (Version: 7.0.0 - Autodesk) CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) 
Hidden LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
(HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin 
(HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Sound Blaster Recon3Di (HKLM-x32\...\{918F3CE9-7164-4C6D-9530-66F12EFB4585}) (Version: 1.03.00 - Creative Technology Limited) Sound Blaster Recon3Di Extras (HKLM-x32\...\{536BDBFC-CA1A-4AC0-A8EB-BB2D0F1F522E}) (Version: 1.0 - Creative Technology Limited) Spotify (HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.30 - Firefly Studios) TeamSpeak 3 Client (HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios) Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-1 - Wacom Technology Corp.) 
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache 
Software Foundation) CustomCLSID: HKU\S-1-5-21-4251330435-999982884-650065621-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Restore Points ========================= 20-11-2014 00:00:02 Geplanter Prüfpunkt 20-11-2014 03:00:13 Windows Update 27-11-2014 23:44:58 Geplanter Prüfpunkt 05-12-2014 00:43:34 Geplanter Prüfpunkt 06-12-2014 12:27:32 avast! antivirus system restore point 06-12-2014 12:47:42 Installed iTunes 11-12-2014 03:00:16 Windows Update 03-01-2015 00:35:58 Windows Update 05-01-2015 17:14:24 Removed Autodesk SketchBook Express 6.2.5 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2603BA08-7F2C-4795-A635-E2FB1168F4CC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {28134ADE-FA54-4171-9595-D80F0F216FF5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {2ED28680-6346-4909-B0B9-56D7C9299E53} - System32\Tasks\AdobeAAMUpdater-1.0-Movco-PC-Movco => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {310F785C-6C17-41E1-B4E9-8A0B5E7C913A} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-06] (AVAST Software) Task: {408ACA9C-5597-4089-885F-25C93E85883B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-30] (Google Inc.) Task: {51C1EF1D-4E0D-4F76-863C-A67FDB6D5CE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-30] (Google Inc.) Task: {5606EA8A-7A2F-4587-AF1C-BBD5E6AB76AD} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {89E5D82F-666B-41A8-A32D-65B5F9DE9AA4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {C15B031A-AA33-47EB-B62A-3DDDB710C9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {C2C54965-59C9-44CD-8DA6-8BC28365A42C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {CA23F37F-4B4D-4DCF-9054-C7148EDB882B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-30 16:05 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-11-06 18:17 - 2014-11-06 18:17 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-12-06 12:40 - 2014-12-06 12:40 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-12-06 12:40 - 2014-12-06 12:40 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2014-08-08 17:46 - 2013-05-21 16:25 - 01185080 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll 2014-03-20 10:24 - 2014-03-20 10:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2013-08-08 13:30 - 2013-08-08 13:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2014-12-19 04:22 - 2014-12-19 04:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2015-01-05 12:22 - 2015-01-05 12:22 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll 2014-12-06 12:40 - 2014-12-06 12:40 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2015-01-06 09:24 - 2015-01-06 09:24 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010600\algo.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ 
() C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-12 07:19 - 2013-03-12 07:19 - 00741376 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll 2014-12-06 12:40 - 2014-12-06 12:40 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-03-30 14:44 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-12-06 12:52 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\Movco\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll 2014-12-19 04:22 - 2014-12-19 04:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll 2014-12-06 12:52 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\Movco\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll 2014-12-06 12:52 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\Movco\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll 2014-09-15 21:12 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-09-15 21:12 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-09-15 21:12 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-03-30 15:11 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-05-22 20:23 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll 2014-09-15 21:12 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-09-15 21:12 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-03-30 15:11 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-03-30 15:11 - 
2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-09-15 21:12 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll 2014-04-29 21:52 - 2014-04-24 01:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: Adobe LM Service => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: mi-raysat_3dsmax2012_64 => 2 MSCONFIG\Services: WTabletServicePro => 2 MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE ========================= Accounts: ========================== Administrator (S-1-5-21-4251330435-999982884-650065621-500 - Administrator - Disabled) Gast (S-1-5-21-4251330435-999982884-650065621-501 - Limited - Disabled) Movco (S-1-5-21-4251330435-999982884-650065621-1000 - Administrator - Enabled) => C:\Users\Movco ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/06/2015 11:51:39 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (01/06/2015 11:50:34 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (01/06/2015 11:40:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: NexusClient.exe, Version: 0.52.3.0, Zeitstempel: 0x542956f4 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0x1e20 Startzeit der fehlerhaften Anwendung: 0xNexusClient.exe0 Pfad der fehlerhaften Anwendung: NexusClient.exe1 Pfad des fehlerhaften Moduls: NexusClient.exe2 Berichtskennung: NexusClient.exe3 Error: (01/06/2015 11:40:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: NexusClient.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.IO.IOException Stack: at System.IO.__Error.WinIOError(Int32, System.String) at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean) at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare) at System.IO.File.OpenWrite(System.String) at Nexus.Client.Util.Downloader.FileWriter.WaitForData() at Nexus.Client.Util.Threading.TrackedThread.RunThread() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (01/06/2015 11:04:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75 Name des fehlerhaften Moduls: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012397 ID des fehlerhaften Prozesses: 0xac4 Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0 Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1 Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2 Berichtskennung: SpotifyWebHelper.exe3 Error: (01/06/2015 07:00:25 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. 
Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (01/06/2015 06:59:42 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (01/06/2015 03:30:08 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/06/2015 03:00:00 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (01/06/2015 02:59:02 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. 
System errors: ============= Error: (01/05/2015 05:17:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/05/2015 05:17:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (01/05/2015 05:06:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/05/2015 05:06:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (01/05/2015 05:00:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/05/2015 05:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Razer Game Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/05/2015 05:00:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Razer Game Scanner erreicht. 
Error: (01/05/2015 00:21:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/05/2015 01:55:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/04/2015 03:07:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Microsoft Office Sessions: ========================= Error: (01/06/2015 11:51:39 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/06/2015 11:50:34 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/06/2015 11:40:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: NexusClient.exe0.52.3.0542956f4KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d1e2001d029963d4ab0e0C:\Program Files\Nexus Mod Manager\NexusClient.exeC:\Windows\system32\KERNELBASE.dll7e71fa8b-9590-11e4-b0a2-74d4351dc789 Error: (01/06/2015 11:40:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: NexusClient.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.IO.IOException Stack: at System.IO.__Error.WinIOError(Int32, System.String) at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean) at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare) at System.IO.File.OpenWrite(System.String) at Nexus.Client.Util.Downloader.FileWriter.WaitForData() at Nexus.Client.Util.Threading.TrackedThread.RunThread() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (01/06/2015 11:04:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c000000500012397ac401d029519c555a2bC:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe655890b3-958b-11e4-b0a2-74d4351dc789 Error: (01/06/2015 07:00:25 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/06/2015 06:59:42 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/06/2015 03:30:08 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2012\python\lib\distutils\command\wininst-8_d.exe Error: (01/06/2015 03:00:00 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/06/2015 02:59:02 AM) (Source: MsiInstaller) (EventID: 11310) (User: Movco-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Movco\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz Percentage of memory in use: 55% Total physical RAM: 3979.85 MB Available physical RAM: 1772.35 MB Total Pagefile: 8730.59 MB Available Pagefile: 5160.13 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:417.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SKYRIM_DE) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 226FA73C) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.01.2015, 15:49 | #4 |
/// the machine /// TB Trainer | Programs minimize themselves automatically hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.01.2015, 19:45 | #5 |
| hi, Code:
ATTFilter Combofix Logfile: |
06.01.2015, 22:04 | #6 |
/// the machine /// TB Trainer | Programs minimize themselves automatically Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ --> Programs minimize themselves automatically |
06.01.2015, 23:09 | #7 |
| Programs minimize themselves automatically mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.01.2015 Suchlauf-Zeit: 22:21:19 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.06.12 Rootkit Datenbank: v2015.01.06.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Movco Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 401141 Verstrichene Zeit: 18 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 3 PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [8da7b143a8e14beb7c25875ada2a4bb5], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4251330435-999982884-650065621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, In Quarantäne, [6ec6f9fbe3a663d304dca03e669efa06], PUP.Optional.WebSearchInfo, HKU\S-1-5-21-4251330435-999982884-650065621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [8da7975d94f5da5c0d3886488183867a], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 9 PUP.Optional.OpenCandy, C:\Users\Movco\AppData\Roaming\OpenCandy, In Quarantäne, [12229c58b9d0f3435a1541ee7390bf41], PUP.Optional.OpenCandy, C:\Users\Movco\AppData\Roaming\OpenCandy\1862EF96C20C4A818BB9D66CFECF5DEE, In Quarantäne, [12229c58b9d0f3435a1541ee7390bf41], PUP.Optional.OpenCandy, C:\Users\Movco\AppData\Roaming\OpenCandy\584A7A8B0EC840248534A50D67103013, In Quarantäne, 
[12229c58b9d0f3435a1541ee7390bf41], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\UI, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], Dateien: 9 PUP.Optional.MultiPlug.A, C:\ProgramData\SecTaskMan\7i.dll.q_Quarantine_CC17E06_q, In Quarantäne, [c37110e46029bc7aef0022481ee30ef2], PUP.Optional.Conduit.A, C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage, In Quarantäne, [a3919d576c1d320472ca1a7911f2e41c], PUP.Optional.Conduit.A, C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal, In Quarantäne, [cd67797bee9b44f2211b73208a7907f9], PUP.Optional.OpenCandy, C:\Users\Movco\AppData\Roaming\OpenCandy\1862EF96C20C4A818BB9D66CFECF5DEE\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [12229c58b9d0f3435a1541ee7390bf41], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In 
Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.SearchProtect.A, C:\Users\Movco\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [2212668e7613c373f2ea65df45be3ac6], PUP.Optional.Conduit.A, C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M7F09A491-3510-49F8-8815-2A99F2C9DD65&SearchSource=55&CUI=&UM=5&UP=SP341E502C-16D2-4A74-B702-378985BBBBBE&SSPV=",), Ersetzt,[68ccac4855347abcaab7279e22e322de] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code:
# AdwCleaner v4.106 - Bericht erstellt am 06/01/2015 um 22:51:12
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Movco - MOVCO-PC
# Gestartet von : C:\Users\Movco\Downloads\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\ProgramData\RobOOSaver
Ordner Gelöscht : C:\ProgramData\Saave neT
Ordner Gelöscht : C:\ProgramData\eb31f0a29686da80
Ordner Gelöscht : C:\Program Files (x86)\Saave neT
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\Movco\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Movco\AppData\Local\torch
Ordner Gelöscht : C:\Users\Movco\Documents\Updater
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v34.0.1847.131

[C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M7F09A491-3510-49F8-8815-2A99F2C9DD65&SearchSource=55&CUI=&UM=5&UP=SP341E502C-16D2-4A74-B702-378985BBBBBE&SSPV=
[C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M7F09A491-3510-49F8-8815-2A99F2C9DD65&SearchSource=55&CUI=&UM=5&UP=SP341E502C-16D2-4A74-B702-378985BBBBBE&SSPV=

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [4914 octets] - [06/01/2015 22:49:33]
AdwCleaner[S0].txt - [4691 octets] - [06/01/2015 22:51:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4751 octets] ##########

And JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Movco on 06.01.2015 at 22:59:04,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Users\Movco\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Movco\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Movco\music\qtrax media library"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.01.2015 at 23:02:04,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Movco (administrator) on MOVCO-PC on 06-01-2015 23:05:22
Running from C:\Users\Movco\Downloads
Loaded Profile: Movco (Available profiles: Movco)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.)
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\System32\PnkBstrA.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Akamai Technologies, Inc.) C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe (Spotify Ltd) C:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Akamai Technologies, Inc.) 
C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Movco\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Movco\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [976896 2012-11-28] (Creative Technology Ltd) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Run: [Spotify Web Helper] => C:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4251330435-999982884-650065621-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: 
@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-4251330435-999982884-650065621-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-30] Chrome: ======= CHR Profile: C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30] CHR Extension: (Google-Suche) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30] CHR Extension: (AdBlock) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-30] CHR Extension: (Avast Online Security) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-30] CHR Extension: (One Piece Theme) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkhkehkllpkocgnlbkmpkcicednmbfnp [2014-03-30] CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-30] CHR Extension: (Google Wallet) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30] CHR Extension: (Google Mail) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - 
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-06] (Avast Software) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-30] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-30] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed] R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2014-04-29] (Creative Technology Ltd) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] 
(LogMeIn, Inc.) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-06] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-06] () R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] () R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598840 2013-05-21] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 3wareDrv; C:\Windows\system32\DRIVERS\3wareDrv.sys [102400 2009-08-31] (AMCC) S3 adp3132; C:\Windows\system32\DRIVERS\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] () R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1050904 2014-04-29] (Creative Technology Ltd) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.) 
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-06] (Avast Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-06 23:04 - 2015-01-06 23:05 - 02123776 _____ (Farbar) C:\Users\Movco\Downloads\FRST64 (1).exe 2015-01-06 23:04 - 2015-01-06 23:05 - 00000000 ____D () C:\Users\Movco\Desktop\Anti-Bösewicht Programme 2015-01-06 23:02 - 2015-01-06 23:02 - 00001136 _____ () C:\Users\Movco\Desktop\JRT.txt 2015-01-06 22:59 - 2015-01-06 22:59 - 00000000 ____D () C:\Windows\ERUNT 2015-01-06 22:57 - 2015-01-06 22:57 - 01707939 _____ (Thisisu) C:\Users\Movco\Downloads\JRT.exe 2015-01-06 22:56 - 2015-01-06 22:56 - 00000197 _____ () C:\Windows\system32\2015-01-06-21-56-11.043-AvastVBoxSVC.exe-3428.log 2015-01-06 22:51 - 2015-01-06 22:55 - 00004843 _____ () C:\Users\Movco\Desktop\AdwCleaner[S0].txt 2015-01-06 22:49 - 2015-01-06 22:57 - 00000000 ____D () C:\AdwCleaner 2015-01-06 22:48 - 2015-01-06 22:48 - 02173952 _____ () C:\Users\Movco\Downloads\AdwCleaner_4.106.exe 2015-01-06 22:47 - 2015-01-06 22:47 - 00004710 _____ () C:\Users\Movco\Desktop\mbam.txt 2015-01-06 22:46 - 2015-01-06 22:46 - 00000197 _____ () C:\Windows\system32\2015-01-06-21-46-29.095-AvastVBoxSVC.exe-3540.log 2015-01-06 22:20 - 2015-01-06 22:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-06 22:19 - 2015-01-06 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ Malwarebytes Anti-Malware 2015-01-06 22:19 - 2015-01-06 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-06 22:19 - 2015-01-06 22:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-06 22:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-06 22:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-06 22:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-06 22:16 - 2015-01-06 22:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Movco\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-06 19:51 - 2015-01-06 19:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-18-51-14.047-AvastVBoxSVC.exe-3268.log 2015-01-06 19:43 - 2015-01-06 19:43 - 00030083 _____ () C:\ComboFix.txt 2015-01-06 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-06 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-06 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-06 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-06 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-06 19:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-06 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-06 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-06 19:28 - 2015-01-06 19:43 - 00000000 ____D () C:\Qoobox 2015-01-06 19:28 - 2015-01-06 19:42 - 00000000 ____D () C:\Windows\erdnt 2015-01-06 19:26 - 2015-01-06 19:27 - 05609498 _____ (Swearware) C:\Users\Movco\Downloads\ComboFix.exe 2015-01-06 14:47 - 2015-01-06 14:48 - 00000197 _____ () C:\Windows\system32\2015-01-06-13-47-55.026-AvastVBoxSVC.exe-3684.log 2015-01-06 14:09 - 2015-01-06 14:10 - 00036936 _____ () 
07.01.2015, 09:17 | #8 |
/// the machine /// TB trainer | Programs minimize themselves automatically
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
07.01.2015, 18:14 | #9 |
| Programs minimize themselves automatically
Okay, the ESET run found approx. 80 infected files; here are the logs
Code:
 Results of screen317's Security Check version 0.99.93
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55
 Java version 32-bit out of Date!
 Google Chrome 34.0.1847.116
 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Movco (administrator) on MOVCO-PC on 07-01-2015 16:56:12 Running from C:\Users\Movco\Desktop\Anti-Bösewicht Programme Loaded Profile: Movco (Available profiles: Movco) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\System32\PnkBstrA.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Spotify Ltd) C:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Movco\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Akamai Technologies, Inc.) C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Movco\Desktop\Anti-Bösewicht Programme\FRST64 (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [976896 2012-11-28] (Creative Technology Ltd) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Movco\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.) HKU\S-1-5-21-4251330435-999982884-650065621-1000\...\Run: [Spotify Web Helper] => C:\Users\Movco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4251330435-999982884-650065621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4251330435-999982884-650065621-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-4251330435-999982884-650065621-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-30] Chrome: ======= CHR Profile: C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30] CHR Extension: (Google-Suche) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30] CHR Extension: (AdBlock) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-30] CHR Extension: (Avast Online Security) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-30] CHR Extension: (One Piece Theme) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkhkehkllpkocgnlbkmpkcicednmbfnp [2014-03-30] CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-30] CHR Extension: (Google Wallet) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30] CHR Extension: (Google Mail) - C:\Users\Movco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - 
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-06] (Avast Software) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-30] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-30] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed] R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2014-04-29] (Creative Technology Ltd) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] 
(LogMeIn, Inc.) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-06] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-06] () R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] () R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598840 2013-05-21] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 3wareDrv; C:\Windows\system32\DRIVERS\3wareDrv.sys [102400 2009-08-31] (AMCC) S3 adp3132; C:\Windows\system32\DRIVERS\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] () R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1050904 2014-04-29] (Creative Technology Ltd) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.) 
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-06] (Avast Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-07 16:55 - 2015-01-07 16:55 - 02124288 _____ (Farbar) C:\Users\Movco\Downloads\FRST64 (2).exe 2015-01-07 16:50 - 2015-01-07 16:50 - 00000938 _____ () C:\Users\Movco\Desktop\checkup.txt 2015-01-07 16:31 - 2015-01-07 16:31 - 00000000 ____D () C:\Users\Movco\Desktop\Mod Organizer v1_2_15-1334-1-2-15 2015-01-07 16:15 - 2015-01-07 16:13 - 00852505 _____ () C:\Users\Movco\Desktop\SecurityCheck.exe 2015-01-07 16:12 - 2015-01-07 16:13 - 00852505 _____ () C:\Users\Movco\Downloads\SecurityCheck.exe 2015-01-07 16:10 - 2015-01-07 16:11 - 17532281 _____ () C:\Users\Movco\Downloads\Mod Organizer v1_2_15-1334-1-2-15.7z 2015-01-07 16:05 - 2015-01-07 16:07 - 19366625 _____ () C:\Users\Movco\Downloads\Mod Organizer v1_2_15 installer-1334-1-2-15.exe 2015-01-07 15:47 - 2015-01-07 15:47 - 02602642 _____ () C:\Users\Movco\Downloads\ReProccer_2_5_1-28467-2-5-1.7z 2015-01-07 12:27 - 2015-01-07 12:28 - 00421824 _____ () C:\Users\Movco\Downloads\Optimizer Texures 083-12801-0-8-3.rar 2015-01-07 12:23 - 2015-01-07 12:23 - 02348352 _____ () C:\Users\Movco\Downloads\TES5Edit_3_0_32_EXPERIMENTAL-25859-3-0-32EXP.7z 2015-01-07 12:03 - 2015-01-07 12:03 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-07 12:02 - 2015-01-07 12:02 - 02347384 _____ (ESET) 
C:\Users\Movco\Downloads\esetsmartinstaller_deu.exe 2015-01-07 12:02 - 2015-01-07 12:02 - 02347384 _____ (ESET) C:\Users\Movco\Desktop\esetsmartinstaller_deu.exe 2015-01-07 11:55 - 2015-01-07 11:56 - 00000197 _____ () C:\Windows\system32\2015-01-07-10-55-31.040-AvastVBoxSVC.exe-4352.log 2015-01-06 23:23 - 2015-01-06 23:23 - 00000197 _____ () C:\Windows\system32\2015-01-06-22-23-36.014-AvastVBoxSVC.exe-3428.log 2015-01-06 23:04 - 2015-01-07 16:56 - 00000000 ____D () C:\Users\Movco\Desktop\Anti-Bösewicht Programme 2015-01-06 23:04 - 2015-01-06 23:05 - 02123776 _____ (Farbar) C:\Users\Movco\Downloads\FRST64 (1).exe 2015-01-06 22:59 - 2015-01-06 22:59 - 00000000 ____D () C:\Windows\ERUNT 2015-01-06 22:57 - 2015-01-06 22:57 - 01707939 _____ (Thisisu) C:\Users\Movco\Downloads\JRT.exe 2015-01-06 22:56 - 2015-01-06 22:56 - 00000197 _____ () C:\Windows\system32\2015-01-06-21-56-11.043-AvastVBoxSVC.exe-3428.log 2015-01-06 22:49 - 2015-01-06 22:57 - 00000000 ____D () C:\AdwCleaner 2015-01-06 22:48 - 2015-01-06 22:48 - 02173952 _____ () C:\Users\Movco\Downloads\AdwCleaner_4.106.exe 2015-01-06 22:46 - 2015-01-06 22:46 - 00000197 _____ () C:\Windows\system32\2015-01-06-21-46-29.095-AvastVBoxSVC.exe-3540.log 2015-01-06 22:20 - 2015-01-07 11:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-06 22:19 - 2015-01-06 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-06 22:19 - 2015-01-06 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-06 22:19 - 2015-01-06 22:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-06 22:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-06 22:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-06 22:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 18:27
==================== End Of Log ============================
--- --- ---
So, I have now updated Java and Chrome |
07.01.2015, 18:14 | #10 | |
/// the machine /// TB Trainer | Programs minimize automatically Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.01.2015, 00:16 | #11 |
| Programs minimize automatically Hmm... that probably came over from another hard drive. Sorry, I got a lot of things from friends and I have lost track of it all. The folder also contains Far Cry 2, which I bought quite a while ago. "Bullet Storm\flt-bull-by-FBN-fruchtboerse.li.iso": I never had that game?! Can my PC even recover at all? The things I see there were already on the old computer (Iminent, Search SuiteToolbar, Babylon etc.); I uninstalled, deactivated and deleted them ages ago! I have also regularly checked the processes and programs and found no cryptic things, let alone seen Bulletstorm. Can viruses be connected to the Skyrim mods? I am pretty active when it comes to mods, and some time ago I downloaded something from a Chinese site -.- I deleted the folder; I don't know whether that was such a good idea if it contained infected files |
08.01.2015, 08:05 | #12 | |
/// the machine /// TB Trainer | Programs minimize automatically Quote:
Update Java and Chrome. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Program Files (x86)\EA\Bulletstorm
C:\Program Files (x86)\Program Files (x86)\Conduit
C:\Program Files (x86)\Program Files (x86)\DealPly
C:\Program Files (x86)\Program Files (x86)\Iminent
C:\Program Files (x86)\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
C:\Program Files (x86)\Program Files (x86)\Searchqu Toolbar
C:\Program Files (x86)\Program Files (x86)\Windows iLivid Toolbar
C:\Trace0.1176\Windows.old
C:\Users\Movco\Desktop\Ordner\Games\Cracked Ordner\Setup`s\Bullet Storm\flt-bull-by-FBN-fruchtboerse.li.iso
C:\Users\Movco\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
C:\Users\Movco\Downloads\OpenOffice - CHIP-Installer.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.01.2015, 09:14 | #13 |
| Programs minimize automatically Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Movco at 2015-01-08 09:08:11 Run:1
Running from C:\Users\Movco\Desktop\Anti-Bösewicht Programme
Loaded Profile: Movco (Available profiles: Movco)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Program Files (x86)\EA\Bulletstorm
C:\Program Files (x86)\Program Files (x86)\Conduit
C:\Program Files (x86)\Program Files (x86)\DealPly
C:\Program Files (x86)\Program Files (x86)\Iminent
C:\Program Files (x86)\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
C:\Program Files (x86)\Program Files (x86)\Searchqu Toolbar
C:\Program Files (x86)\Program Files (x86)\Windows iLivid Toolbar
C:\Trace0.1176\Windows.old
C:\Users\Movco\Desktop\Ordner\Games\Cracked Ordner\Setup`s\Bullet Storm\flt-bull-by-FBN-fruchtboerse.li.iso
C:\Users\Movco\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
C:\Users\Movco\Downloads\OpenOffice - CHIP-Installer.exe
Emptytemp:
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4251330435-999982884-650065621-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Program Files (x86)\EA\Bulletstorm => Moved successfully.
C:\Program Files (x86)\Program Files (x86)\Conduit => Moved successfully.
C:\Program Files (x86)\Program Files (x86)\DealPly => Moved successfully.
C:\Program Files (x86)\Program Files (x86)\Iminent => Moved successfully.
C:\Program Files (x86)\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll => Moved successfully.
C:\Program Files (x86)\Program Files (x86)\Searchqu Toolbar => Moved successfully.
C:\Program Files (x86)\Program Files (x86)\Windows iLivid Toolbar => Moved successfully.
C:\Trace0.1176\Windows.old => Moved successfully.
"C:\Users\Movco\Desktop\Ordner\Games\Cracked Ordner\Setup`s\Bullet Storm\flt-bull-by-FBN-fruchtboerse.li.iso" => File/Directory not found.
C:\Users\Movco\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe => Moved successfully.
C:\Users\Movco\Downloads\OpenOffice - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 179.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:08:30 ==== |
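A check one can run over a fix log like the one above, added here as an example (it is not part of the thread and not FRST's own code): it pairs every fixlist entry with its result line and flags entries that were not found or produced no result. The sample is an excerpt of the log above; the function names and the matching rules (dropping the `CHR` prefix and the attention marker) are assumptions inferred from this one log.

```python
import re

# Excerpt of the fix log posted above, one entry per line (shortened for the example).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Program Files (x86)\EA\Bulletstorm
C:\Users\Movco\Desktop\Ordner\Games\Cracked Ordner\Setup`s\Bullet Storm\flt-bull-by-FBN-fruchtboerse.li.iso
C:\Users\Movco\Downloads\OpenOffice - CHIP-Installer.exe
Emptytemp:
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Program Files (x86)\EA\Bulletstorm => Moved successfully.
"C:\Users\Movco\Desktop\Ordner\Games\Cracked Ordner\Setup`s\Bullet Storm\flt-bull-by-FBN-fruchtboerse.li.iso" => File/Directory not found.
C:\Users\Movco\Downloads\OpenOffice - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 179.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:08:30 ====
"""

# A result line is '<target> => <outcome>'; the target may be wrapped in quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')


def normalize(entry):
    """Reduce a fixlist or result target to a comparable key (assumed rules)."""
    entry = re.sub(r"\s*<=+\s*ATTENTION\s*$", "", entry.strip())
    # 'CHR HKLM\...: Policy restriction' is reported back as just the registry key.
    m = re.match(r"^[A-Z]{2,3} (HK[A-Z]+\\.+?): .*$", entry)
    if m:
        entry = m.group(1)
    return entry.rstrip(":").strip('"').lower()


def parse_fixlog(text):
    """Return (requested fixlist entries, {normalized target: outcome})."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    stars = [i for i, ln in enumerate(lines) if set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters (lines of asterisks) not found")
    requested = lines[stars[0] + 1:stars[1]]
    results = {}
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("===="):  # '==== End of Fixlog ... ===='
            break
        m = RESULT_RE.match(ln)
        if m:  # lines without '=>' (e.g. the reboot notice) are skipped
            results[normalize(m.group("target"))] = m.group("outcome")
    return requested, results


def audit(text):
    """Classify each requested entry as ok, not-found, no-result or review."""
    requested, results = parse_fixlog(text)
    report = []
    for entry in requested:
        outcome = results.get(normalize(entry))
        if outcome is None:
            status = "no-result"
        elif "not found" in outcome.lower():
            status = "not-found"
        elif re.search(r"successfully|^removed", outcome, re.I):
            status = "ok"
        else:
            status = "review"
        report.append((entry, status, outcome))
    return report


if __name__ == "__main__":
    for entry, status, outcome in audit(SAMPLE_FIXLOG):
        print(f"{status:<10} {entry}  ({outcome})")
```
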
08.01.2015, 09:33 | #14 |
/// the machine /// TB Trainer | Programs minimize automatically Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.01.2015, 17:59 | #15 |
| Programs minimize automatically Thank you very much for taking the time for this :* I also happened to find my product key (on the old case) and Windows is now activated after all! Thanks again |