Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Chrom lädt automatisch Datein runter ?

Chrom lädt automatisch Datein runter ?


Plagegeister aller Art und deren Bekämpfung: Chrom lädt automatisch Datein runter ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.03.2015, 20:30   #1
HorreRide
 
Chrom lädt automatisch Datein runter ? - Standard

Chrom lädt automatisch Datein runter ?


Hallo.

Ich war heute ganz normal beim Internet surfen als plötzlich Chrome angefangen eine "vlc.exe" zu downloaden. Da die Datei klein war konnte ich den Download nicht schnell genug canceln und Avira ist daraufhin angeschlagen mit folgendem Fund: 'PUA/Softpulse.Gen' .

Nun ist das schon zum zweiten mal passiert jedoch findet Avira sonst nichts verdächtiges auf dem System.

Wisst ihr was da los ist ? Und richten diese runter geladenen Datein schaden aus ? Wurden ja beide male direkt von Avira in die Quarantäne verschoben.

Alt 07.03.2015, 20:32   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Chrom lädt automatisch Datein runter ? - Standard

Chrom lädt automatisch Datein runter ?


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 07.03.2015, 20:46   #3
HorreRide
 
Chrom lädt automatisch Datein runter ? - Standard

Chrom lädt automatisch Datein runter ?



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Hossam (administrator) on EASYMUFFIN on 07-03-2015 20:38:49
Running from X:\Libraries\Downloads
Loaded Profiles: Hossam &  (Available profiles: Hossam)
Platform: Windows 8.1 (X64) OS Language: German (Germany)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\puush\puush.exe
(Valve Corporation) X:\Program Files\Steam\Steam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Valve Corporation) X:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AppWork GmbH) C:\Program Files\JDownloader v2.0\JDownloader2.exe
(Valve Corporation) X:\Program Files\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Razer Lachesis Driver] => C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe [838160 2012-12-21] (Razer USA Ltd)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2014-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-12-07] ()
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Spotify Web Helper] => C:\Users\Hossam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Steam] => X:\Program Files\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Spotify] => C:\Users\Hossam\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-12-07] ()
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Hossam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => X:\Program Files\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Hossam\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-14] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3450479177-531897440-768990038-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Hossam\AppData\Roaming\Mozilla\Firefox\Profiles\RdWz8WBB.default
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-05-14] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Hossam\AppData\Roaming\Mozilla\Firefox\Profiles\RdWz8WBB.default\Extensions\abs@avira.com [2014-12-09]

Chrome: 
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyD0F0B0E0F0BtCtAyE0C0BtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtC0EyCzz0D0DyCtGzztB0ByCtGyDyBtDzytG0E0C0FtDtGtB0C0EyEtByCtAyE0B0Bzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCtA0DyEyByByBtGzzzz0BzytGyE0EtCzytGzzyCtDzztGtDtA0AzytByEyDyB0AyDzz0C2Q&cr=1867435061&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyD0F0B0E0F0BtCtAyE0C0BtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtC0EyCzz0D0DyCtGzztB0ByCtGyDyBtDzytG0E0C0FtDtGtB0C0EyEtByCtAyE0B0Bzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCtA0DyEyByByBtGzzzz0BzytGyE0EtCzytGzzyCtDzztGtDtA0AzytByEyDyB0AyDzz0C2Q&cr=1867435061&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-07]
CHR Extension: (BetterTTV) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-12-07]
CHR Extension: (Google Docs) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
CHR Extension: (Google Drive) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-15]
CHR Extension: (YouTube) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
CHR Extension: (Adblock Plus) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-07]
CHR Extension: (Google Search) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
CHR Extension: (Woodark) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiallmdmonifegjibcalpdgnjaomkme [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-10]
CHR Extension: (Hola Better Internet) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-07]
CHR Extension: (FVD Downloader) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-07]
CHR Extension: (Gmail) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-07] ()
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-07] (EasyAntiCheat Ltd)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2014-11-06] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-05-14] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 KAUpdateService; F:\Programme\The Book of Unwritten Tales 2\service\KAUpdateService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 lachesis35g; C:\Windows\System32\drivers\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-05-14] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-02-13] (TENCENT)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 20:38 - 2015-03-07 20:38 - 00000000 ____D () C:\FRST
2015-03-07 20:21 - 2015-03-07 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 20:21 - 2015-03-07 20:21 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-07 20:21 - 2015-03-07 20:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-07 20:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-07 20:21 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-07 20:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-06 11:54 - 2015-03-06 11:54 - 00000000 ____D () C:\Program Files\GIGABYTE
2015-03-06 11:54 - 2013-10-28 10:02 - 00022240 _____ () C:\Windows\system32\Drivers\AppleCharger.sys
2015-03-06 11:54 - 2013-10-24 17:29 - 00022240 _____ () C:\Windows\system32\Drivers\UsbCharger.sys
2015-03-06 11:54 - 2010-04-06 16:30 - 00031272 _____ () C:\Windows\system32\AppleChargerSrv.exe
2015-03-05 15:43 - 2015-03-05 15:43 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Keysticks.net
2015-03-05 15:42 - 2015-03-05 15:42 - 00002657 _____ () C:\Users\Public\Desktop\Keysticks.lnk
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keysticks
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\ProgramData\Keysticks.net
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Keysticks.net
2015-03-02 21:10 - 2015-03-02 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-28 16:05 - 2015-02-28 16:11 - 00001024 ____H () C:\AMTAG.BIN
2015-02-28 15:35 - 2015-02-28 15:35 - 00004096 ___SH () C:\{E997FCA9-2A36-4989-9162-FD05FC2C0A1A}.CBM
2015-02-28 15:26 - 2015-02-28 15:35 - 00492032 ___SH () C:\{1944EB38-0039-4E61-937A-C26C31DF3E8B}.CBM
2015-02-28 15:23 - 2015-02-28 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-02-28 15:23 - 2015-02-28 15:23 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-02-28 15:18 - 2015-02-28 15:26 - 00488448 ___SH () C:\EUMONBMP.SYS
2015-02-28 14:31 - 2015-02-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.0
2015-02-28 14:29 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2015-02-28 13:39 - 2015-02-28 13:40 - 00001546 _____ () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
2015-02-28 13:39 - 2015-02-28 13:39 - 00000000 _____ () C:\Users\Hossam\-multi.txt
2015-02-27 19:49 - 2015-02-27 19:49 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-25 17:47 - 2015-02-25 17:47 - 00000000 ____D () C:\Users\Hossam\My Games
2015-02-25 17:38 - 2015-02-25 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\There Came an Echo
2015-02-25 17:38 - 2015-02-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2015-02-24 21:06 - 2015-02-24 21:06 - 00001321 _____ () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenHardwareMonitor.lnk
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 15:50 - 2015-02-23 15:50 - 00000000 ____D () C:\Meine Backups
2015-02-23 15:50 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2015-02-23 15:50 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2015-02-23 15:50 - 2014-12-15 00:59 - 00048168 _____ () C:\Windows\system32\Drivers\EUBKMON.sys
2015-02-23 15:50 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2015-02-23 15:48 - 2015-02-28 14:30 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2015-02-21 22:11 - 2015-02-25 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-02-21 00:15 - 2015-02-21 00:15 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-21 00:15 - 2015-02-21 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 11:14 - 2015-02-19 11:14 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Steam
2015-02-18 22:24 - 2015-02-18 22:24 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-02-18 22:22 - 2015-03-07 19:31 - 00000000 ____D () C:\Program Files\JDownloader v2.0
2015-02-18 14:30 - 2015-02-18 14:30 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Focus Home Interactive
2015-02-13 00:26 - 2015-02-13 00:26 - 00000000 ____D () C:\Users\Hossam\AppData\Local\AAA_Internet_Publishing,_
2015-02-13 00:26 - 2015-02-13 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2015-02-13 00:26 - 2014-10-15 14:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2015-02-12 11:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 11:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 12:23 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:23 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:23 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 12:23 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 12:23 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:23 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 12:23 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:23 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 12:23 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 12:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 12:23 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 12:23 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:23 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:23 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:23 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 12:23 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 12:23 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 12:23 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 12:23 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 12:23 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:23 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 12:23 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 12:23 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 12:23 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 12:23 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 12:22 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:22 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:22 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:22 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:22 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 12:22 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 12:22 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:22 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 12:22 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:22 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 12:22 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 12:22 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 12:22 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 12:22 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 12:22 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:22 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:22 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:22 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:22 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 12:22 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:22 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 12:22 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 12:22 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 12:22 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:22 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 12:22 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 12:22 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 12:22 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 12:22 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 12:22 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:22 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:22 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 12:22 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 12:22 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 12:22 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 20:42 - 2015-02-07 20:42 - 00000000 ____D () C:\Download
2015-02-07 20:42 - 2015-02-07 20:42 - 00000000 ____D () C:\AllShare
2015-02-07 20:41 - 2015-03-06 11:54 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Downloaded Installations
2015-02-07 20:41 - 2015-02-09 10:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-07 20:17 - 2015-02-09 10:39 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\SAMSUNG
2015-02-07 20:17 - 2015-02-07 20:17 - 00000000 ____D () C:\Upload
2015-02-07 20:17 - 2015-02-07 20:17 - 00000000 ____D () C:\ProgramData\SAMSUNG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 20:35 - 2014-12-07 00:54 - 01323332 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 20:34 - 2014-12-18 21:56 - 00045301 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-07 20:32 - 2014-12-07 07:36 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Skype
2015-03-07 20:12 - 2014-12-07 06:57 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-07 16:37 - 2014-03-18 11:03 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 16:37 - 2014-03-18 10:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-03-07 16:37 - 2014-03-18 10:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-03-07 16:31 - 2014-12-26 13:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-03-07 16:31 - 2014-12-26 13:36 - 00000014 _____ () C:\Windows\OCStatus.ini
2015-03-07 16:31 - 2014-12-26 01:11 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-07 16:31 - 2014-12-07 06:57 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 16:31 - 2014-12-07 06:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 16:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 14:52 - 2014-12-07 01:14 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3450479177-531897440-768990038-1001
2015-03-06 12:15 - 2014-12-26 01:15 - 00170303 _____ () C:\Windows\SysWOW64\bios.ini
2015-03-06 11:54 - 2014-12-26 01:10 - 00000000 ____D () C:\Program Files (x86)\Gigabyte
2015-03-06 11:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-05 11:59 - 2014-12-09 11:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 11:59 - 2014-12-07 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 11:59 - 2014-12-07 07:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 13:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-03-04 12:52 - 2014-12-09 11:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 12:52 - 2014-12-07 07:11 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 12:52 - 2014-12-07 07:11 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 14:06 - 2014-12-17 22:48 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\OBS
2015-02-28 16:29 - 2014-12-07 00:54 - 00000000 ____D () C:\Users\Hossam
2015-02-25 17:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-24 21:06 - 2010-01-31 23:00 - 00000000 ____D () C:\Program Files\OpenHardwareMonitor
2015-02-24 20:05 - 2015-01-06 20:07 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-02-24 19:51 - 2013-08-22 15:44 - 00362816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 10:20 - 2014-12-07 06:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 22:45 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files\OBS
2015-02-23 16:45 - 2014-12-07 07:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-21 13:28 - 2014-12-07 11:46 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Spotify
2015-02-21 13:28 - 2014-12-07 06:58 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Spotify
2015-02-21 00:15 - 2014-12-07 06:58 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-20 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 11:42 - 2014-12-07 07:36 - 00000000 ____D () C:\ProgramData\Skype
2015-02-19 11:41 - 2014-12-07 07:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-18 22:32 - 2014-12-27 18:13 - 00000000 ____D () C:\Users\Hossam\.weblaf
2015-02-18 22:08 - 2014-12-07 13:02 - 00000000 ____D () C:\Program Files (x86)\puush
2015-02-17 13:25 - 2015-01-30 13:45 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Tunngle
2015-02-16 13:03 - 2014-12-11 13:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 13:01 - 2014-12-11 13:24 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 01:48 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-13 01:34 - 2014-12-25 01:16 - 00910992 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2015-02-09 10:39 - 2014-12-07 07:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-12-15 00:14 - 2014-12-15 00:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-12-07 07:00 - 2014-12-07 07:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Hossam\AppData\Local\Temp\avgnt.exe
C:\Users\Hossam\AppData\Local\Temp\proxy_vole4827868200911130535.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-27 11:52

==================== End Of Log ============================
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Hossam at 2015-03-07 20:39:06
Running from X:\Libraries\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B14.1003.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B14.1003.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.13.0911.1 -  GIGABYTE)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dynasty Warriors 8 Xtreme Legends version 1.02 (HKLM-x32\...\{F2CA1EE3-A492-4220-AE30-69F963100DE2}_is1) (Version: 1.02 - Koei Tecmo)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
F1 2012 (HKLM-x32\...\Steam App 208500) (Version:  - Codemasters Birmingham)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Fragen-Lern-CD 4.6 (x32 Version: 4.6.5 - Wendel-Verlag GmbH) Hidden
Google Chrome (HKLM-x32\...\{DDCA236C-A28B-3979-8855-B7475BCAD806}) (Version: 66.30.49223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Homeworld Remastered Collection MULTi2 1.0 (HKLM-x32\...\Homeworld Remastered Collection MULTi2 1.0) (Version:  - )
HP Photosmart 5510 series - Grundlegende Software für das Gerät (HKLM\...\{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1006 - Intel Corporation)
Intel(R) Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keysticks (HKLM-x32\...\{017E32B0-23A9-40F0-952B-6B12F0702A15}) (Version: 1.8.1 - Keysticks.net)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (de-DE) (HKLM-x32\...\{955F43D9-38C4-4C22-BEE3-1A6C63F968FA}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-AU) (HKLM-x32\...\{FA19A2B8-9A24-49B0-A51C-CF4A6B4B2B62}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-CA) (HKLM-x32\...\{0C96ED3F-83E2-4917-89DC-7837DC775FEC}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-GB) (HKLM-x32\...\{E0D13850-F97C-4B30-9F05-862299CE8DA5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-ES) (HKLM-x32\...\{5D4A25B6-3A4E-409B-90FA-EDE99E2006B4}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-MX) (HKLM-x32\...\{BE94188A-CA4F-4AC7-A1B3-52D37882C30D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-CA) (HKLM-x32\...\{58DE670F-4977-4A23-9D2E-8C82A2072920}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-FR) (HKLM-x32\...\{4D2DDB98-1FE6-4CFE-BCFD-EFE27FF24FAE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (it-IT) (HKLM-x32\...\{9267D7E7-5872-4CB1-B4E3-377F4CA272D0}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ja-JP) (HKLM-x32\...\{A06F3EA5-7C55-4505-8982-534BA05F49BE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ko-KR) (HKLM-x32\...\{1D8F6891-9B7F-4F08-A54E-C568D8C33276}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-PT) (HKLM-x32\...\{DAFE30C6-C638-4505-9372-2ECD1A1B317C}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ru-RU) (HKLM-x32\...\{9419B7EA-6A4B-4A57-8E2A-3BDD4676118F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-CN) (HKLM-x32\...\{BAD2A75A-1708-47BA-A498-20890D2C78A7}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-HK) (HKLM-x32\...\{6BAA03F9-B2E5-40EB-8871-703FF0046E9D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-TW) (HKLM-x32\...\{28292B72-CF8A-4915-A5F5-07FF1E44C6F5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of Mordor version 1.2 (HKLM-x32\...\{CBC0D3A9-406A-43DD-8CC1-A268F9E8D6BC}_is1) (Version: 1.2 - RFT)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B14.0217.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B14.0217.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Razer Lachesis (HKLM-x32\...\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}) (Version: 1.00.0000 - Razer USA Ltd.)
Razer Lachesis 5600 (HKLM-x32\...\{B86EE1B4-85B7-4731-AA28-7262A722B3FE}) (Version: 3.03.00 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
SIV (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SPEEDLINK STRIKE Gamepad (HKLM-x32\...\{DFF7CD2E-2BB5-40C3-9592-078F64677EFF}) (Version: 1.00.0000 - )
Spotify (HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
There Came an Echo (HKLM-x32\...\There Came an Echo_is1) (Version:  - )
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1305.1 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 5.0 - Ubisoft)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version:  - RuneStorm)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-02-2015 20:05:57 Installed SPEEDLINK STRIKE Gamepad
04-03-2015 15:09:04 Geplanter Prüfpunkt
05-03-2015 15:42:01 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17A94334-B319-4C45-9038-A6324028D670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {80FF52AB-C731-406D-87E0-350C9C5B39C7} - System32\Tasks\Cleanup by CCleaner => C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20] (Piriform Ltd)
Task: {92E43638-4A53-4608-A5CC-CA2A9A481AE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {AA0C94F6-330F-4B39-A162-BB13E3922B97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B4AAC837-C887-480E-B14A-B877A127306C} - System32\Tasks\Driver Booster SkipUAC (Hossam) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C7212003-8111-4EF3-AFAC-FB62F53E091A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-16] (Microsoft Corporation)
Task: {F25C9B10-A7CB-4388-B60C-65F7C0A01A1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-07 06:49 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-02-28 14:29 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2014-12-07 13:02 - 2014-12-07 13:02 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2015-02-28 14:30 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
2015-03-07 17:11 - 2015-03-07 17:11 - 00040448 ____N () C:\Users\Hossam\AppData\Local\Temp\proxy_vole4827868200911130535.dll
2015-03-07 17:11 - 2015-03-07 17:11 - 00566439 _____ () C:\Program Files\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2015-03-07 17:11 - 2015-03-07 17:11 - 04078962 _____ () C:\Program Files\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00137256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL
2015-02-28 14:29 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-02-24 21:12 - 2014-11-11 19:47 - 00774656 _____ () X:\Program Files\Steam\SDL2.dll
2015-02-24 21:12 - 2014-12-02 01:29 - 05002752 _____ () X:\Program Files\Steam\v8.dll
2015-02-24 21:12 - 2015-02-19 00:51 - 02360000 _____ () X:\Program Files\Steam\video.dll
2015-02-24 21:12 - 2014-12-02 01:29 - 01612800 _____ () X:\Program Files\Steam\icui18n.dll
2015-02-24 21:12 - 2014-12-02 01:29 - 01210368 _____ () X:\Program Files\Steam\icuuc.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 02396672 _____ () X:\Program Files\Steam\libavcodec-56.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00479744 _____ () X:\Program Files\Steam\libavformat-56.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00332800 _____ () X:\Program Files\Steam\libavresample-2.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00442880 _____ () X:\Program Files\Steam\libavutil-54.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00485888 _____ () X:\Program Files\Steam\libswscale-3.dll
2015-02-24 21:12 - 2015-02-19 00:51 - 00702656 _____ () X:\Program Files\Steam\bin\chromehtml.DLL
2015-02-28 14:30 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
2015-02-28 14:30 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
2015-02-28 14:30 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
2015-02-28 14:30 - 2014-12-15 01:04 - 00249896 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
2015-02-24 21:12 - 2015-01-28 02:30 - 34641288 _____ () X:\Program Files\Steam\bin\libcef.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 15:08 - 2014-05-14 15:08 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-24 21:12 - 2015-01-28 02:30 - 01709960 _____ () X:\Program Files\Steam\bin\ffmpegsumo.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3450479177-531897440-768990038-1001\Control Panel\Desktop\\Wallpaper -> F:\Inhalte\Desktop\3840x2400 (4).jpg
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> F:\Inhalte\Desktop\3840x2400 (4).jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Lachesis Driver"
HKLM\...\StartupApproved\Run32: => "Lachesis"
HKLM\...\StartupApproved\Run32: => "AllShareAgent"
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "HP Photosmart 5510 series (NET)"
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "HP Photosmart 5510 series (NET)"

==================== Accounts: =============================

Administrator (S-1-5-21-3450479177-531897440-768990038-500 - Administrator - Disabled)
Gast (S-1-5-21-3450479177-531897440-768990038-501 - Limited - Disabled)
Hossam (S-1-5-21-3450479177-531897440-768990038-1001 - Administrator - Enabled) => C:\Users\Hossam

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows is removing this device. (Code 21)
Resolution: Wait several seconds, and then press the F5 key to update the Device Manager view.
If that does not resolve the problem, restart your computer. 


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2015 00:16:33 PM) (Source: ThermalConsole) (EventID: 0) (User: )
Description: System.NotSupportedException: Specified method is not supported.
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects()
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor()
   at ThermalConsole.MainWindow.InitObjects()

Error: (03/06/2015 00:16:33 PM) (Source: thermald) (EventID: 0) (User: )
Description: System.NotSupportedException: Specified method is not supported.
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects()
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor()
   at thermald.MainWindow.InitHardwareMonitorObjects()

Error: (03/03/2015 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 5.4.0.241, time stamp: 0x54e6b86b
Faulting module name: League of Legends.exe, version: 5.4.0.241, time stamp: 0x54e6b86b
Exception code: 0xc0000409
Fault offset: 0x00b45f15
Faulting process id: 0x2244
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (03/03/2015 04:12:51 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: This event has been logged by the BugSplat crash reporting library (hxxp://www.bugsplatsoftware.com) 
in partnership with your vendor lol_beta_riotgames_com.
A crash report from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=-1.
Please contact your vendor for more information.

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Kontext: Windows Anwendung


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Kontext: Windows Anwendung


Details:
	(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)


System errors:
=============
Error: (03/07/2015 04:31:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:20:49 on ‎07.‎03.‎2015 was unexpected.

Error: (03/07/2015 04:31:21 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256844719550584112040

Error: (03/06/2015 11:54:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/06/2015 00:12:59 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/05/2015 01:00:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/04/2015 01:33:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/03/2015 00:02:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/03/2015 00:53:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/02/2015 09:12:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/02/2015 09:12:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/06/2015 00:16:33 PM) (Source: ThermalConsole) (EventID: 0) (User: )
Description: System.NotSupportedException: Specified method is not supported.
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects()
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor()
   at ThermalConsole.MainWindow.InitObjects()

Error: (03/06/2015 00:16:33 PM) (Source: thermald) (EventID: 0) (User: )
Description: System.NotSupportedException: Specified method is not supported.
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects()
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName)
   at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor()
   at thermald.MainWindow.InitHardwareMonitorObjects()

Error: (03/03/2015 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.4.0.24154e6b86bLeague of Legends.exe5.4.0.24154e6b86bc000040900b45f15224401d055e2dd38ece7C:\Program Files (x86)\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.79\deploy\League of Legends.exeC:\Program Files (x86)\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.79\deploy\League of Legends.exeda172883-c1de-11e4-82b6-74d435fbefb1

Error: (03/03/2015 04:12:51 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_beta_riotgames_comLOL_Public-1

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Kontext: Windows Anwendung


Details:
	(HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)
The catalog is corrupt


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 16304.85 MB
Available physical RAM: 11241.11 MB
Total Pagefile: 17328.85 MB
Available Pagefile: 11327.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.13 GB) (Free:159.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive x: (Storage) (Fixed) (Total:831.39 GB) (Free:697.91 GB) NTFS
Drive z: (Metopus) (Fixed) (Total:453.76 GB) (Free:269.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CBA5BC7A)
Partition 1: (Active) - (Size=238.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3B902D93)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Not Active) - (Size=12 GB) - (Type=27)
Partition 3: (Not Active) - (Size=453.8 GB) - (Type=42)

==================== End Of Log ============================
Ist das so richtig ?
__________________
Alt 08.03.2015, 14:10   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Chrom lädt automatisch Datein runter ? - Standard

Chrom lädt automatisch Datein runter ?


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Chrom lädt automatisch Datein runter ?
automatisch, canceln, chrome, datein, fehlercode 0xc0000409, fehlercode 21, gefangen, interne, internet, konnte, nichts, plötzlich, pua/softpulse.gen, runter, schnell, surfen, verdächtiges, windows is removing this device. (code 21)


« Mbam bricht suchlauf ab und laptop hängt sich auf bei der datei NLsdata0022.dll, was soll oder kann ich tun | Internetproblem durch Schadsoftware »


Ähnliche Themen: Chrom lädt automatisch Datein runter ?


  1. WinVista32bit: SimpleFiles lädt nicht löschbare Dateien runter
    Plagegeister aller Art und deren Bekämpfung - 02.04.2015 (3)
  2. Windows 7: PC lädt Dateien runter (crl oder msi) sobald das Internet an ist
    Log-Analyse und Auswertung - 13.02.2015 (7)
  3. Zwei Tabs mit Werbung öffnen sich gleichzeitig automatisch in Google Chrom
    Log-Analyse und Auswertung - 10.01.2015 (19)
  4. Lautstärke geht automatisch aus, Firefox lädt schlecht, Tastatur+Maus funktionieren nicht
    Log-Analyse und Auswertung - 31.08.2014 (17)
  5. Scrollt automatisch runter - nur in Installationsprogrammen
    Plagegeister aller Art und deren Bekämpfung - 03.04.2014 (7)
  6. 1. Java lädt Viren runter, 2. Online Banking TANs gesperrt
    Log-Analyse und Auswertung - 21.07.2011 (3)
  7. Maus scrollt Automatisch hoch und runter!
    Netzwerk und Hardware - 04.11.2010 (1)
  8. Mein PC lädt runter und lädt runter..
    Log-Analyse und Auswertung - 26.08.2010 (22)
  9. PC fährt automatisch runter. Firefox spinnt.
    Log-Analyse und Auswertung - 17.07.2010 (13)
  10. Benutzerkonto lädt hoch und fährt direkt wieder runter :(
    Plagegeister aller Art und deren Bekämpfung - 20.06.2010 (1)
  11. PC lädt im Hintergrund runter
    Plagegeister aller Art und deren Bekämpfung - 19.01.2010 (2)
  12. Mein Vista lädt ständig runter! Warum?
    Log-Analyse und Auswertung - 15.06.2008 (9)
  13. Virus mein pc lädt im hintergrund vieren runter !! HILFE !!
    Log-Analyse und Auswertung - 04.03.2008 (13)
  14. PC fährt automatisch runter
    Alles rund um Windows - 13.07.2007 (19)
  15. Iexplorer lädt automatisch seiten - performance Schwankung
    Plagegeister aller Art und deren Bekämpfung - 24.05.2007 (3)
  16. Win XP fährt automatisch runter
    Plagegeister aller Art und deren Bekämpfung - 14.01.2007 (7)
  17. Computer fährt automatisch runter
    Plagegeister aller Art und deren Bekämpfung - 01.12.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Chrom lädt automatisch Datein runter ? - Hallo. Ich war heute ganz normal beim Internet surfen als plötzlich Chrome angefangen eine "vlc.exe" zu downloaden. Da die Datei klein war konnte ich den Download nicht schnell genug canceln - Chrom lädt automatisch Datein runter ?...
Archiv
Du betrachtest: Chrom lädt automatisch Datein runter ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130