Pests of all kinds and how to fight them: Windows 7: Firefox opens tabs with advertising on its own |
12.03.2015, 12:54 | #1 |
| Windows 7: Firefox opens tabs with advertising on its own. Hello. For the past 2 days I have had the problem that Firefox simply opens new tabs with advertising. It started after I downloaded something (a mobile game for the PC). But after I uninstalled it again, it unfortunately did not go away. When I uninstall Firefox and reinstall it, the problem is gone until the next restart of my computer, but then it shows up again. In addition, after every restart, after what seems to be a "random" amount of time, an installation opens with a program called AnyWhereSetUpWizard (which I never ran). Regards, Alessio |
12.03.2015, 13:09 | #2 |
/// the machine /// TB instructor | Windows 7: Firefox opens tabs with advertising on its own. hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
12.03.2015, 13:51 | #3 |
| Windows 7: Firefox opens tabs with advertising on its own. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Alessio (administrator) on ALESSIO-PC on 12-03-2015 13:45:34 Running from C:\Users\Alessio\Downloads Loaded Profiles: Alessio (Available profiles: Alessio) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\System32\PnkBstrA.exe () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsj7CCA.tmp (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe () C:\Users\Alessio\AppData\Local\winengine\rkr1.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe (Super PC Tools Ltd) C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.239\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcherUx.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcherUx.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcherUx.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC) HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [Aeria Ignite] => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.) 
HKLM\...\Policies\Explorer\Run: [14206] => C:\ProgramData\Local Settings\Temp\msyaravy.scr [32072 2009-07-14] ( (Microsoft Corporation)) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Services] => C:\Users\Alessio\AppData\Local\Temp\zrdihj.exe <===== ATTENTION HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Java] => C:\Users\Alessio\AppData\Local\Temp\Java.exe <===== ATTENTION HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Chrome Browser] => C:\ProgramData\Chrome Browser0\juqsvyqvq.exe HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-05-11] (NEXON Inc.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) 
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [winengine] => C:\Users\Alessio\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] () HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [winengine2] => C:\Users\Alessio\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] () HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\MountPoints2: {74bb3247-522c-11e2-b1b1-806e6f6e6963} - D:\autostart.exe IFEO\ccsvchst.exe: [Debugger] skskj.exe IFEO\hijackthis.exe: [Debugger] zp_.exe IFEO\housecalllauncher.exe: [Debugger] fr_.exe IFEO\rstrui.exe: [Debugger] om_.exe IFEO\spybotsd.exe: [Debugger] fn_.exe IFEO\symerr.exe: [Debugger] jtkyy.exe Startup: C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LEVxCIdNFBMA.lnk ShortcutTarget: LEVxCIdNFBMA.lnk -> C:\Users\Alessio\AppData\Local\Temp\LEVxCIdNFBMA.exe (No File) Startup: C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk ShortcutTarget: SuperOptimizerInstaller.lnk -> C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe (Super PC Tools Ltd) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:52166;https=127.0.0.1:52166 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4026364676-241273927-3108656300-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4026364676-241273927-3108656300-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-17] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-17] (Oracle Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-01] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL [2012-06-21] (Symantec Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.) 
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-14] (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files 
(x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin HKU\S-1-5-21-4026364676-241273927-3108656300-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alessio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS) FF Extension: Zoom It - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\Extensions\{93e9ed41-1f4f-b4bd-0dae-b2b4e3c23151} [2015-03-12] FF Extension: Adblock Plus - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-18] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2012-12-30] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2013-03-26] FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpi FF HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\vxvj29up.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Docs) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14] CHR Extension: (YouTube) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12] CHR Extension: (Google Search) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12] CHR Extension: (Google Sheets) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12] CHR Extension: (Speed Test Analysis) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb [2013-03-06] CHR Extension: (Google Wallet) - C:\Users\Alessio\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16] CHR Extension: (Gmail) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12] CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\Alessio\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814976 2015-02-06] () R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed] S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-12-07] (EasyAntiCheat Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-15] (Hi-Rez Studios) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [123320 2011-11-07] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4722728 2013-03-14] (INCA Internet Co., Ltd.) 
[File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts) S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-14] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-15] () R2 pumygydy; C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [211456 2015-03-11] () [File not signed] R2 ryqofisu; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsj7CCA.tmp [136704 2015-03-11] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] () R2 xebejehi; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp [91648 2015-03-11] () [File not signed] R2 zizudobe; C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp [94720 2015-03-11] () [File not signed] S2 Util Mountain Bike; "C:\Program Files (x86)\Mountain Bike\bin\utilMountainBike.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-30] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130226.002\IDSvia64.sys [513184 2012-12-28] (Symantec Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130227.003\ENG64.SYS [126192 2013-01-19] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130227.003\EX64.SYS [2087664 2013-01-19] (Symantec Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc) S1 aclrtvfz; \??\C:\Windows\system32\drivers\aclrtvfz.sys [X] S1 dfxdnxpi; \??\C:\Windows\system32\drivers\dfxdnxpi.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 13:45 - 2015-03-12 13:46 - 00027911 _____ () C:\Users\Alessio\Downloads\FRST.txt 2015-03-12 13:44 - 2015-03-12 13:45 - 00000000 ____D () C:\FRST 2015-03-12 13:44 - 2015-03-12 13:44 - 02095616 _____ (Farbar) C:\Users\Alessio\Downloads\FRST64.exe 2015-03-12 13:19 - 2015-03-12 13:19 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-12 13:19 - 2015-03-12 13:19 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-12 13:19 - 2015-03-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-12 12:22 - 2015-03-12 12:47 - 00001095 _____ () C:\Users\Alessio\Desktop\Continue Live Installation.lnk 2015-03-12 12:21 - 2015-03-12 12:21 - 02171392 _____ () C:\Users\Alessio\Downloads\adwcleaner_4.112(4).exe 2015-03-12 12:00 - 2015-03-09 11:32 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-03-12 12:00 - 2015-03-09 11:32 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00830600 _____ (Internet software ) C:\Users\Alessio\Downloads\adobe_flash_setup.exe 2015-03-11 17:57 - 2015-03-11 17:57 - 02171392 _____ () C:\Users\Alessio\Downloads\adwcleaner_4.112(3).exe 2015-03-11 14:31 - 2015-03-11 14:32 - 00000000 ____D () C:\Users\Alessio\Desktop\YT Dlds 2015-03-11 14:30 - 2015-03-11 14:30 - 11123720 _____ () C:\Users\Alessio\Downloads\YTDSetup.exe 2015-03-11 11:46 - 2015-03-11 11:46 - 00243528 _____ () C:\Users\Alessio\Downloads\Firefox Setup Stub 36.0.1.exe 2015-03-11 10:40 - 2015-03-11 10:40 - 02171392 _____ () C:\Users\Alessio\Downloads\adwcleaner_4.112(2).exe 2015-03-11 10:33 - 2015-03-11 10:33 - 02171392 _____ () C:\Users\Alessio\Downloads\adwcleaner_4.112(1).exe 2015-03-11 10:30 - 2015-02-20 05:41 - 00041984 _____ (Microsoft 
Corporation) C:\Windows\system32\lpk.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 10:30 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 10:30 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 10:30 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 10:30 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 10:30 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 10:30 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 10:30 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 10:30 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 10:30 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 10:30 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 
2015-03-11 10:30 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 10:30 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 
00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 10:30 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 10:30 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 10:30 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 10:30 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 10:30 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 10:30 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 10:30 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 10:30 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 10:30 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 10:30 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 10:30 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-11 10:29 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 10:29 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 10:29 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 10:29 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 10:29 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 10:29 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 10:29 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 10:29 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 
10:29 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 10:29 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 10:29 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 10:29 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 10:29 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 10:29 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 10:29 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00284672 _____ 
(Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 10:29 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 10:29 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 10:29 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00103424 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 10:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 10:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 10:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 10:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 10:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 10:29 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 10:29 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 10:29 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 10:29 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 10:28 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 10:28 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 10:28 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 10:28 - 2015-02-21 02:16 - 25021440 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 10:28 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 10:28 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 10:28 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 10:28 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 10:28 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 10:28 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 10:28 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 10:28 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2015-03-11 10:28 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 10:28 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 10:28 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 10:28 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 10:28 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 10:28 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00115712 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 10:28 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 10:28 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 10:28 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 10:28 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 10:28 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 10:28 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 10:28 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 10:28 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 10:28 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 10:28 - 2015-02-03 04:31 - 01424896 _____ 
(Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 10:28 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 10:26 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 10:26 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 10:11 - 2015-03-11 10:11 - 02171392 _____ () C:\Users\Alessio\Downloads\adwcleaner_4.112.exe 2015-03-11 10:09 - 2015-03-12 12:30 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D 2015-03-11 10:08 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D 2015-03-11 10:06 - 2015-03-11 10:06 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068395-11DD-896D-3085A9AF655D 2015-03-11 10:05 - 2015-03-11 22:06 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D 2015-03-11 10:04 - 2015-03-11 10:21 - 00000000 ____D () C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc} 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\winengine 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Bluestacks 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\ProgramData\{7a382bfb-7e4f-0314-7a38-82bfb7e4afed} 2015-03-11 10:03 - 2015-03-11 10:03 - 00537824 _____ () C:\Users\Alessio\Downloads\Castle%20Clash.exe 2015-03-08 11:51 - 2015-03-08 11:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf 2015-03-08 11:49 - 2007-01-19 18:24 - 00025312 ____R (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys 2015-03-08 11:47 - 2015-03-08 11:47 - 00000000 ____D () C:\Program Files (x86)\NETGEAR 2015-03-08 11:47 - 2011-12-12 
17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys 2015-03-08 11:47 - 2011-04-19 17:52 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2015-03-08 11:47 - 2010-06-09 13:11 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\Packet.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00053299 _____ () C:\Windows\SysWOW64\pthreadVC.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys 2015-03-08 11:46 - 2015-03-08 11:46 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\InstallShield 2015-03-06 15:47 - 2015-03-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-04 21:59 - 2015-03-04 22:00 - 00000000 ____D () C:\Users\Alessio\Desktop\AoT 2015-02-26 11:37 - 2015-02-27 11:05 - 00000391 _____ () C:\Users\Alessio\Desktop\Miss.txt 2015-02-25 11:19 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 11:19 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157(1).exe 2015-02-24 14:36 - 2015-03-05 14:42 - 00001194 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk 2015-02-24 14:36 - 2015-03-05 14:42 - 00001170 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2015-02-20 08:25 - 2015-02-20 08:25 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-02-19 11:11 - 2015-02-19 11:11 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Steam 2015-02-18 15:06 - 2015-02-18 15:06 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2015-02-18 00:19 - 2015-02-18 09:41 - 00019627 _____ () C:\Users\Alessio\Desktop\ALN.odt 2015-02-17 23:12 - 2015-02-17 23:13 - 00000582 _____ () C:\Users\Alessio\Desktop\Jokes.txt 2015-02-17 23:10 - 2015-02-17 23:54 - 00000140 _____ () C:\Users\Alessio\Desktop\Quellen.txt 2015-02-17 17:26 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-17 17:26 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-15 12:14 - 2015-02-15 12:14 - 00000222 _____ () C:\Users\Alessio\Desktop\GunZ 2 The Second Duel.url 2015-02-11 15:19 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 15:19 - 2015-02-04 04:16 
- 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 15:19 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 15:19 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 15:18 - 2015-02-11 15:18 - 00003550 _____ () C:\Users\Alessio\Desktop\AOT.txt 2015-02-11 15:18 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 15:18 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 15:18 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 15:18 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 13:26 - 2012-12-29 23:16 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Skype 2015-03-12 13:07 - 2012-12-29 22:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 12:54 - 2013-02-25 18:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-12 12:39 - 2013-03-16 10:54 - 00000000 ____D () C:\Fraps 2015-03-12 12:32 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-12 12:32 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-12 12:29 - 2012-12-30 04:03 - 01077601 _____ () C:\Windows\WindowsUpdate.log 2015-03-12 12:26 - 2013-05-25 11:40 - 00000000 ____D () C:\ProgramData\Origin 2015-03-12 12:26 - 2013-02-08 23:46 - 00000000 ____D () C:\Users\Alessio\AppData\Local\LogMeIn Hamachi 2015-03-12 12:26 - 2012-12-30 12:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-12 12:25 - 
2013-05-25 11:40 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-12 12:25 - 2012-12-29 22:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 12:25 - 2009-07-14 05:51 - 00294019 _____ () C:\Windows\setupact.log 2015-03-12 12:24 - 2012-12-30 04:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-12 12:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-12 12:23 - 2014-09-14 21:49 - 00000000 ____D () C:\AdwCleaner 2015-03-12 12:01 - 2013-01-06 14:31 - 00000000 ____D () C:\Users\Alessio\AppData\Local\CrashDumps 2015-03-12 12:00 - 2015-01-08 14:15 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Adobe 2015-03-11 18:05 - 2010-11-21 04:47 - 00675612 _____ () C:\Windows\PFRO.log 2015-03-11 17:57 - 2013-06-25 16:00 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Warframe 2015-03-11 11:44 - 2012-12-29 22:40 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Google 2015-03-11 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 11:34 - 2009-07-14 05:45 - 00346416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 11:04 - 2013-08-15 22:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 10:57 - 2013-06-27 00:24 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 10:15 - 2012-12-30 04:07 - 00000999 _____ () C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-08 11:54 - 2011-04-12 08:43 - 01283404 _____ () C:\Windows\system32\perfh007.dat 2015-03-08 11:54 - 2011-04-12 08:43 - 00331438 _____ () C:\Windows\system32\perfc007.dat 2015-03-08 11:54 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-08 11:47 - 2012-12-30 04:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation 
Information 2015-03-06 14:55 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-05 22:35 - 2013-01-25 22:54 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\TS3Client 2015-03-05 20:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-24 14:41 - 2013-05-27 20:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ____D () C:\ProgramData\Skype 2015-02-18 15:28 - 2014-11-20 18:02 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Dxtory Software 2015-02-18 15:07 - 2014-10-13 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-02-18 14:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-18 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-17 18:04 - 2013-12-04 20:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\ArmA 2 OA 2015-02-16 16:20 - 2013-02-08 23:47 - 00033856 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2015-02-16 10:45 - 2015-01-25 19:24 - 00000000 ____D () C:\Program Files (x86)\Glyph 2015-02-12 14:06 - 2014-12-12 12:28 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 14:06 - 2014-05-06 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-11 23:37 - 2014-04-15 16:32 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-11 23:36 - 2013-03-02 18:41 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-11 23:36 - 2013-03-02 18:41 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-02-11 23:36 - 2013-03-02 18:41 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-11 23:35 - 2013-03-02 18:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client ==================== Files in the root of some directories ======= 2013-03-26 21:37 - 2013-03-26 21:37 - 0046592 _____ (baCwJ5uAc4VR) C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe 2013-05-31 19:27 - 2013-08-27 13:18 - 0036864 _____ () C:\Users\Alessio\AppData\Roaming\RZR_0060f45e48b3b0e8dcec4d8da47b.db 2013-03-26 23:10 - 2013-03-26 23:10 - 0004743 _____ () C:\Users\Alessio\AppData\Roaming\ss.png 2013-03-26 21:22 - 2013-03-26 21:37 - 0046592 _____ (baCwJ5uAc4VR) C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak 2013-09-22 20:14 - 2014-09-07 17:46 - 0000177 _____ () C:\Users\Alessio\AppData\Roaming\WB.CFG 2013-12-02 19:36 - 2014-04-11 15:36 - 0012800 _____ () C:\Users\Alessio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-01 14:44 - 2014-11-01 14:44 - 0002227 _____ () C:\Users\Alessio\AppData\Local\recently-used.xbel 2013-05-14 13:07 - 2013-05-14 13:07 - 0024128 _____ () C:\Users\Alessio\AppData\Local\Temp1.jpg Some content of TEMP: ==================== C:\Users\Alessio\AppData\Local\Temp\besC458.exe C:\Users\Alessio\AppData\Local\Temp\bitool.dll C:\Users\Alessio\AppData\Local\Temp\bi_cleaner.exe C:\Users\Alessio\AppData\Local\Temp\DWPUpgradeInstaller.exe 
C:\Users\Alessio\AppData\Local\Temp\GUninstaller.exe C:\Users\Alessio\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe C:\Users\Alessio\AppData\Local\Temp\HiRezLauncherControls.dll C:\Users\Alessio\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe C:\Users\Alessio\AppData\Local\Temp\ICReinstall_winzip18-firedrive-2.exe C:\Users\Alessio\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe C:\Users\Alessio\AppData\Local\Temp\nsd8E36.exe C:\Users\Alessio\AppData\Local\Temp\nsdE1B9.exe C:\Users\Alessio\AppData\Local\Temp\nsi8BE4.exe C:\Users\Alessio\AppData\Local\Temp\nsk1DD0.exe C:\Users\Alessio\AppData\Local\Temp\nssDCE6.exe C:\Users\Alessio\AppData\Local\Temp\nssDF57.exe C:\Users\Alessio\AppData\Local\Temp\nsx90D5.exe C:\Users\Alessio\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Alessio\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Alessio\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Alessio\AppData\Local\Temp\nvStInst.exe C:\Users\Alessio\AppData\Local\Temp\optprosetup.exe C:\Users\Alessio\AppData\Local\Temp\optsetup.exe C:\Users\Alessio\AppData\Local\Temp\Quarantine.exe C:\Users\Alessio\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\Alessio\AppData\Local\Temp\sdfC1C8.exe C:\Users\Alessio\AppData\Local\Temp\setup.exe C:\Users\Alessio\AppData\Local\Temp\SkypeSetup.exe C:\Users\Alessio\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe C:\Users\Alessio\AppData\Local\Temp\sonarinst.exe C:\Users\Alessio\AppData\Local\Temp\SpOrder.dll C:\Users\Alessio\AppData\Local\Temp\Sqlite3.dll C:\Users\Alessio\AppData\Local\Temp\supoptsetup.exe C:\Users\Alessio\AppData\Local\Temp\WebCompanionInstaller.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-06 15:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Alessio at 2015-03-12 13:46:30
Running from C:\Users\Alessio\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Story DE 4.1.176 (HKLM-x32\...\4Story_DE_is1) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - ) aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version: - Browser Updater) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production) Cliqz 
(HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.11 - Cliqz.com) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DayZ Commander (HKLM-x32\...\{D4BA1D6D-DACD-4411-9DEC-6BEE3793277E}) (Version: 0.92.95 - Dotjosh Studios) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free FLV Converter V 7.6.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.) GDMO (HKLM-x32\...\DMO) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment) GunZ2 (HKLM-x32\...\GunZ2) (Version: - ) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.6.1311.20) (Version: 3.6.1311.20 - Solveig Multimedia) Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North) MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 
2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.15.96 - Symantec Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 
347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{9fe8a752-f74c-45c7-a712-1398de096d70}) (Version: latest - ppy Pty Ltd) PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) PlanetSide 2 (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.) 
S4 League (HKLM-x32\...\S4 League) (Version: - ) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Shutdown Timer (HKLM-x32\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version: - Christian Handorf) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2477.0 - Hi-Rez Studios) Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited) Speed Test Analysis (HKLM-x32\...\Speed Test Analysis) (Version: 1.0.0.0 - SpeedAnalysis.com) <==== ATTENTION Spider-Man 3 (TM) (HKLM-x32\...\InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}) (Version: 1.00.0000 - Activision) Spider-Man 3(TM) (x32 Version: 1.00.0000 - Activision) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games) TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.) 
Unity Web Player (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VideoPad Videobearbeitungs-Software (HKLM-x32\...\VideoPad) (Version: - NCH Software) Vindictus EU (HKLM-x32\...\Vindictus EU) (Version: - ) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) winengine (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-03-2015 14:26:30 Windows Update 08-03-2015 11:46:26 Installiert NETGEAR WNDA3100v2 wireless USB 2.0 driver 08-03-2015 11:49:31 Gerätetreiber-Paketinstallation: NETGEAR Inc. Netzwerkprotokoll 09-03-2015 12:12:55 Windows Update 11-03-2015 10:55:42 Windows Update 12-03-2015 11:59:07 LavasoftWeCompanion 12-03-2015 12:02:54 LavasoftWeCompanion ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0E2B83DC-C03A-45CB-AD4F-16ECBAAA06CA} - System32\Tasks\{FB710A8C-3F20-4037-BA9F-2279DB8C60CE} => C:\Users\Alessio\Desktop\Spiele\Cube World\Server.exe Task: {1D71DD0D-918A-411F-8C1F-C38D3F4B92A9} - System32\Tasks\{B712CEDA-CB66-487A-B1D0-16FCF3833331} => pcalua.exe -a C:\Users\Alessio\Downloads\pb35setup.exe -d C:\Users\Alessio\Downloads Task: {1ED6DB81-95D4-4B4A-93C3-3B61C2869614} - System32\Tasks\{3B21737A-2EEE-4B80-9791-0CA45E4EAF79} => pcalua.exe -a "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe InDesign CS2\instmsiw.exe" -d "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe InDesign CS2" Task: {247C1470-0DD9-41AA-A141-37540BCC668C} - System32\Tasks\{ECC14FBB-A210-44BF-8D17-90CFAE26A593} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar Task: {2EF31754-B9D1-40E1-80B1-903CE51B89E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) Task: {35596071-9BC2-41E5-B2B9-C49C82FFD345} - System32\Tasks\{960ABE80-50A4-4F97-828F-A3F8E9D4AF23} => pcalua.exe -a C:\Users\Alessio\Desktop\CS2_RetNon_Ger_2.exe -d C:\Users\Alessio\Desktop Task: {3FEDD910-5225-45A1-9ED3-6D2FC0133681} - System32\Tasks\{DDB1CD15-9B67-416D-B21D-5EBEDD2258B6} => C:\Users\Alessio\Desktop\Spiele\Leagues of Legends\Dateipad\lol.launcher.exe [2012-04-24] () Task: {43DC7FE8-7A84-4957-9976-FC78A4C5E65C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {4CBDEA00-DB3A-47F5-8938-A1DBB93E4E9F} - System32\Tasks\{F555DCF7-5330-4992-8D0E-44803962035A} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=Angry Birds Space Bundle by SweetPacks" Task: {5116F59E-BFC1-4DEC-B583-AF8D98340A93} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION Task: {6A9CB896-454F-4215-8A53-491B65F633CD} - System32\Tasks\Norton 
WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {6ABE04FA-43E5-4FD2-9A16-F47C36BE603E} - System32\Tasks\{E76D057E-E5CC-451F-A489-35E0711C5B54} => pcalua.exe -a "C:\Users\Alessio\Desktop\Spiele\Cube World\CubeLauncher.exe" -d "C:\Users\Alessio\Desktop\Spiele\Cube World" Task: {6B5BF2CD-A7A4-43DB-BEBF-2B5C73F1B284} - System32\Tasks\{59712F7F-602B-4259-BC4A-F548DA1D39C8} => pcalua.exe -a C:\Users\Alessio\Downloads\S4_League.exe -d C:\Users\Alessio\Downloads Task: {776CE386-3FF0-44F2-9329-DEA6CD841DC7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {798E7F0A-8A24-4746-B159-10A30453F181} - System32\Tasks\{A5848A69-81AF-4E23-94FE-FF5D088EF999} => pcalua.exe -a "C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {804B9EB3-6929-4223-B074-1C73241530F9} - System32\Tasks\{C4B7EC27-61A6-4F4A-AB88-42C1FC45D781} => pcalua.exe -a C:\Users\Alessio\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION Task: {809E5053-971E-4266-A206-18A382E1A764} - System32\Tasks\Windows Update Check - 0x05B00174 => C:\ProgramData\Chrome <==== ATTENTION Task: {A2355A77-DABF-4F47-8816-514349A52D56} - System32\Tasks\{AB2A9000-5877-4F39-ABD8-165203A76308} => C:\Program Files (x86)\S4League\patcher_s4.exe Task: {ACAE00EF-7BE7-4867-8B68-EF3912A49A8A} - System32\Tasks\{9425F20D-C1BE-4D99-BCBD-82AD7F4A72C7} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {B14A17CA-B4E5-47BB-8CEE-284D553D2AA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) 
Task: {B48C1041-F6D2-4432-B57A-53D52830AC20} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {C355A1C9-D143-4253-A2F6-125B60A794A0} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Alessio\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe Task: {C8779DCA-8234-45DC-B195-770DCFC0E0E2} - System32\Tasks\{43ED0757-E288-4FDA-9F7B-48A48A47A945} => pcalua.exe -a "C:\Users\Alessio\Downloads\[Mutli] Installer v1.0\Multi[Installer] v1.0.exe" -d "C:\Users\Alessio\Downloads\[Mutli] Installer v1.0" Task: {DAFB7EC2-4535-447E-B6F1-CE356597BB61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AllmyappsUpdateTask.job => C:\Users\Alessio\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-12-30 04:26 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-07-14 12:08 - 2014-07-14 12:08 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2015-03-11 10:09 - 2015-03-11 10:09 - 00211456 _____ () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp 2015-03-11 22:06 - 2015-03-11 22:06 - 00136704 _____ () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsj7CCA.tmp 2013-05-11 18:40 - 2013-05-11 18:40 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe 2015-03-08 11:47 - 2013-12-30 16:07 - 00307928 
_____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe 2015-03-11 10:06 - 2015-03-11 10:06 - 00091648 _____ () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp 2015-03-11 10:08 - 2015-03-11 10:09 - 00094720 _____ () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp 2014-12-12 13:34 - 2014-12-12 13:34 - 00511416 _____ () C:\Users\Alessio\AppData\Local\winengine\rkr1.exe 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2013-06-12 18:11 - 2014-01-19 14:02 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2015-03-12 13:20 - 2015-03-12 13:20 - 02211832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.239\deploy\LoLLauncher.exe 2015-03-12 13:20 - 2015-03-12 13:20 - 03796984 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcher.exe 2015-03-12 13:20 - 2015-03-12 13:20 - 03331064 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcherUx.exe 2013-03-25 13:23 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-22 13:52 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00332800 _____ () 
C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2012-12-30 12:10 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-03-08 11:47 - 2013-12-26 17:08 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll 2012-12-30 12:10 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-10-21 21:55 - 2014-03-24 09:37 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2014-10-21 21:55 - 2014-03-24 09:33 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2015-02-05 01:54 - 2015-02-05 01:54 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 01546744 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\RiotLauncher.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 43374072 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\libcef.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 01571832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\icui18n.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 01253880 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\icuuc.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 05088760 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\v8.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 01638904 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\RiotRadsIO.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 01775096 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\libglesv2.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 00171512 _____ () C:\Riot 
Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\libegl.dll 2015-03-12 13:20 - 2015-03-12 13:20 - 01056248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LEVxCIdNFBMA.lnk => C:\Windows\pss\LEVxCIdNFBMA.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lkYsOYc1bJT0.lnk => C:\Windows\pss\lkYsOYc1bJT0.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VnjnJP5w6eXE.lnk => C:\Windows\pss\VnjnJP5w6eXE.lnk.Startup

==================== Accounts: =============================

Administrator (S-1-5-21-4026364676-241273927-3108656300-500 - Administrator - Disabled)
Alessio (S-1-5-21-4026364676-241273927-3108656300-1000 - Administrator - Enabled) => C:\Users\Alessio
Gast (S-1-5-21-4026364676-241273927-3108656300-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4026364676-241273927-3108656300-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 00:26:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 00:02:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WebCompanion.exe, Version 1.1.913.1833 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a60
Startzeit: 01d05cb3e44f372d
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Berichts-ID: 4178bc50-c8a7-11e4-bc70-874082d81e3f

Error: (03/12/2015 00:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x16a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/12/2015 11:59:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm adobe_flash_setup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 418
Startzeit: 01d05cb358021774
Endzeit: 3
Anwendungspfad: C:\Users\Alessio\Downloads\adobe_flash_setup.exe
Berichts-ID: d054ad35-c8a6-11e4-bc70-df31dd597320

Error: (03/12/2015 11:50:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 06:07:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 05:44:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 11:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 11:35:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 10:47:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.1.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bc0
Startzeit: 01d05be01df6f95b
Endzeit: 4
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID: aade4331-c7d3-11e4-ab4a-c39ce33ff254

System errors:
=============
Error: (03/12/2015 01:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/12/2015 00:25:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Mountain Bike" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/12/2015 00:25:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Common Client Job Manager Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/12/2015 00:25:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/12/2015 00:05:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (03/12/2015 00:04:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util Between Lines" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/12/2015 00:00:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/12/2015 11:58:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/12/2015 11:50:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util Mountain Bike" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/12/2015 11:50:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Common Client Job Manager Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (03/12/2015 00:26:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/12/2015 00:02:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: WebCompanion.exe1.1.913.18331a6001d05cb3e44f372d11C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe4178bc50-c8a7-11e4-bc70-874082d81e3f Error: (03/12/2015 00:01:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e0216a001d05cb3b3d7477fC:\Program Files (x86)\Mozilla Firefoxy\plugin-container.exeC:\Program Files (x86)\Mozilla Firefoxy\mozalloc.dll1b79019f-c8a7-11e4-bc70-874082d81e3f Error: (03/12/2015 11:59:24 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: adobe_flash_setup.exe0.0.0.041801d05cb3580217743C:\Users\Alessio\Downloads\adobe_flash_setup.exed054ad35-c8a6-11e4-bc70-df31dd597320 Error: (03/12/2015 11:50:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 06:07:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 05:44:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 11:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 11:35:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 10:47:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe7.1.0.105bc001d05be01df6f95b4C:\Program Files (x86)\Skype\Phone\Skype.exeaade4331-c7d3-11e4-ab4a-c39ce33ff254 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz Percentage of memory in use: 40% Total physical RAM: 8144.44 MB Available physical RAM: 4852.51 MB Total Pagefile: 16287.06 MB Available Pagefile: 12546.77 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:963.51 GB) NTFS Drive d: (WNDA3100v2) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 
(MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1A2000CD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
13.03.2015, 08:03 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens tabs with ads on its own. Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
13.03.2015, 12:48 | #5 |
| Windows 7: Firefox opens tabs with ads on its own. Code:
ATTFilter ComboFix 15-03-09.01 - Alessio 13.03.2015 12:29:53.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8144.5277 [GMT 1:00] ausgeführt von:: c:\users\Alessio\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Local Settings\Temp c:\programdata\Local Settings\Temp\msyaravy.scr c:\windows\ico.ico c:\windows\msdownld.tmp c:\windows\SysWow64\Dump c:\windows\SysWow64\Dump\MiniDump.dmp c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\server.cfg c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-13 bis 2015-03-13 )))))))))))))))))))))))))))))) . . 2015-03-13 11:22 . 2015-03-13 11:22 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-03-13 11:11 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86616AE5-5CA0-442A-AA8E-174C4A0D0AB5}\mpengine.dll 2015-03-12 12:44 . 2015-03-12 12:46 -------- d-----w- C:\FRST 2015-03-12 12:19 . 2015-03-12 12:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2015-03-12 11:07 . 
2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-03-12 11:00 . 2015-03-09 10:32 372248 ----a-w- c:\windows\system32\LavasoftTcpService64.dll 2015-03-12 11:00 . 2015-03-09 10:32 325944 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll 2015-03-11 09:29 . 2015-02-03 03:31 37376 ----a-w- c:\windows\system32\pcadm.dll 2015-03-11 09:28 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-03-11 09:26 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-03-11 09:26 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-03-11 09:09 . 2015-03-13 11:05 -------- d-----w- c:\users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D 2015-03-11 09:08 . 2015-03-11 09:09 -------- d-----w- c:\users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D 2015-03-11 09:06 . 2015-03-11 09:06 -------- d-----w- c:\users\Alessio\AppData\Local\F1F1D280-1426068395-11DD-896D-3085A9AF655D 2015-03-11 09:05 . 2015-03-12 23:03 -------- d-----w- c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D 2015-03-11 09:04 . 2015-03-11 09:04 -------- d-----w- c:\programdata\BlueStacksSetup 2015-03-11 09:04 . 2015-03-11 09:04 -------- d-----w- c:\users\Alessio\AppData\Local\Bluestacks 2015-03-11 09:04 . 2015-03-11 09:21 -------- d-----w- c:\programdata\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc} 2015-03-11 09:04 . 2015-03-11 09:04 -------- d-----w- c:\programdata\{7a382bfb-7e4f-0314-7a38-82bfb7e4afed} 2015-03-11 09:04 . 2015-03-11 09:04 -------- d-----w- c:\users\Alessio\AppData\Local\winengine 2015-03-08 10:49 . 2007-01-19 17:24 25312 ----a-r- c:\windows\system32\drivers\SCMNdisP.sys 2015-03-08 10:47 . 2011-12-12 16:42 1256192 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys 2015-03-08 10:47 . 2011-04-19 16:52 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll 2015-03-08 10:47 . 
2011-04-19 16:31 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll 2015-03-08 10:47 . 2011-04-19 16:31 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll 2015-03-08 10:47 . 2010-06-09 12:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2015-03-08 10:47 . 2010-02-03 10:21 47632 ----a-w- c:\windows\system32\drivers\npf.sys 2015-03-08 10:47 . 2015-03-08 10:47 -------- d-----w- c:\program files (x86)\NETGEAR 2015-03-08 10:46 . 2015-03-08 10:46 -------- d-----w- c:\users\Alessio\AppData\Roaming\InstallShield 2015-02-21 10:34 . 2014-09-16 15:19 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22CCABEC-C6D1-46B7-A89C-2FEE49997410}\gapaengine.dll 2015-02-20 07:25 . 2015-02-20 07:25 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2015-02-19 10:11 . 2015-02-19 10:11 -------- d-----w- c:\users\Alessio\AppData\Local\Steam 2015-02-18 14:07 . 2015-02-18 14:07 -------- d-----w- C:\UpdateChromeLinksLogs 2015-02-18 14:06 . 2015-02-18 14:06 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2015-02-18 14:06 . 2015-02-18 14:06 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2015-02-18 14:06 . 2015-02-18 14:06 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2015-02-17 16:26 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll 2015-02-17 16:26 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll 2015-02-17 16:26 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll 2015-02-17 16:26 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll 2015-02-11 14:19 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll 2015-02-11 14:19 . 2015-02-04 03:16 894976 ----a-w- c:\windows\system32\appraiser.dll 2015-02-11 14:19 . 2015-02-04 03:13 1098752 ----a-w- c:\windows\system32\aeinv.dll 2015-02-11 14:19 . 2015-02-04 03:16 762368 ----a-w- c:\windows\system32\invagent.dll 2015-02-11 14:19 . 2015-02-04 03:16 414720 ----a-w- c:\windows\system32\devinv.dll 2015-02-11 14:19 . 
2015-02-04 03:16 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-02-11 14:19 . 2015-02-04 03:16 192000 ----a-w- c:\windows\system32\aepic.dll 2015-02-11 14:19 . 2015-01-27 23:36 1239720 ----a-w- c:\windows\system32\aitstatic.exe 2015-02-11 14:18 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll 2015-02-11 14:18 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2015-02-11 14:18 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll 2015-02-11 14:18 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-11 09:57 . 2013-06-26 23:24 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-03-05 13:48 . 2013-02-20 20:17 226680 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2015-03-05 13:48 . 2013-02-20 20:17 226680 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-16 15:20 . 2013-02-08 22:47 33856 ---ha-w- c:\windows\system32\hamachi.sys 2015-02-05 00:54 . 2012-12-29 21:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-05 00:54 . 2012-12-29 21:40 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-19 03:06 . 2015-01-14 14:43 210432 ----a-w- c:\windows\system32\profsvc.dll 2014-12-19 01:46 . 2015-01-14 14:43 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-02-18 2874048] "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-05-11 438272] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-01-27 3619160] "Akamai NetSession Interface"="c:\users\Alessio\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] "winengine"="c:\users\Alessio\AppData\Local\winengine\rkr0.exe" [2014-12-12 511416] "winengine2"="c:\users\Alessio\AppData\Local\winengine\rkr1.exe" [2014-12-12 511416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856] "4StoryPrePatch"="c:\program files (x86)\Gameforge4D\4Story_DE\PrePatch.exe" [2013-02-19 327680] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968] "Sound Blaster Tactic3D Control Panel"="c:\program files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe" [2014-07-03 2091008] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-02-17 3978600] . c:\users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ SuperOptimizerInstaller.lnk - c:\programdata\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe /startup [2014-3-11 5838864] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ccsvchst.exe] "Debugger"=skskj.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\symerr.exe] "Debugger"=jtkyy.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 aclrtvfz;aclrtvfz;c:\windows\system32\drivers\aclrtvfz.sys;c:\windows\SYSNATIVE\drivers\aclrtvfz.sys [x] R1 dfxdnxpi;dfxdnxpi;c:\windows\system32\drivers\dfxdnxpi.sys;c:\windows\SYSNATIVE\drivers\dfxdnxpi.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Util Mountain Bike;Util Mountain Bike;c:\program files (x86)\Mountain Bike\bin\utilMountainBike.exe;c:\program files (x86)\Mountain Bike\bin\utilMountainBike.exe [x] R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x] R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 
EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x] R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x] R3 
X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130208.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130226.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130226.002\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 
HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 pumygydy;Border Width;c:\users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp;c:\users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 sufezyzy;Callout Drag And Drop;c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nso7EDF.tmp;c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nso7EDF.tmp [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 xebejehi;Graphic Design 
Multimedia;c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp;c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp [x] S2 zizudobe;Hash Key Renew;c:\users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp;c:\users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp [x] S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-03-12 17:08 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 00:54] . 2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29 21:40] . 2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29 21:40] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504] "Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2011-03-31 8151040] . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsvchst.exe] "Debugger"=skskj.exe . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symerr.exe] "Debugger"=jtkyy.exe . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.de/?gws_rd=ssl uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> mSearchAssistant = Trusted Zone: aeriagames.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com FF - ProfilePath - c:\users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe Wow6432Node-HKLM-Run-Aeria Ignite - c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe Wow6432Node-HKLM-Explorer_Run-14206 - c:\progra~3\LOCALS~1\Temp\msyaravy.scr c:\users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LEVxCIdNFBMA.lnk - c:\users\Alessio\AppData\Local\Temp\LEVxCIdNFBMA.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe AddRemove-BandiMPEG1 - c:\program files (x86)\BandiMPEG1\uninstall.exe AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe AddRemove-Browser Updater_is1 - c:\program files (x86)\Browser Updater\unins000.exe AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\vxvj29up.default\extensions\cliqz@cliqz.com\unins000.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pumygydy] "ImagePath"="c:\users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sufezyzy] "ImagePath"="c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nso7EDF.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va013] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va016] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xebejehi] "ImagePath"="c:\users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\zizudobe] "ImagePath"="c:\users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\PnkBstrA.exe c:\windows\SysWOW64\rundll32.exe c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe c:\programdata\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe c:\program files (x86)\Creative\ShareDLL\CADI\NotiMan.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-03-13 12:44:41 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-03-13 11:44 . Vor Suchlauf: 25 Verzeichnis(se), 1.032.753.860.608 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 1.034.833.707.008 Bytes frei . - - End Of File - - 3CAA2A2AA7C4F26A0A1E32700C678BED A36C5E4F47E84449FF07ED3517B43A31
So, it still opens Internet tabs, and with the Revo installer there was nothing about deleting leftovers: after the uninstall it searched for leftovers but found nothing and left it at that, so I couldn't do the second step with "select all" and delete at all, but it is definitely uninstalled. And then there's the other thing with the installation window that just pops up; it is called AnyWhereAccesSetup Wizard. It has a shortcut on the desktop. After your program had run through and I did right-click > open file location, there was none, and it had been deleted. Just now the AnyWhereAccesSetup came up again, and the shortcut is back and has a file path, Alessio/AppData/Local/Temp, in case that helps you. Pretty strange that the file comes back even though it was deleted. (I edited this in just now) Something else just came up: now random words on every page are highlighted and underlined, and when I hover over them I am shown advertising pages. This keeps getting stranger.
Thanks for your help. Regards, Alessio. Edited by Alessio (13.03.2015 at 13:37) |
13.03.2015, 17:22 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens tabs with advertising on its own. We aren't finished yet, after all. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Windows 7: Firefox opens tabs with advertising on its own. |
13.03.2015, 18:42 | #7 |
| Windows 7: Firefox opens tabs with advertising on its own. Many thanks so far. As it looks, it worked after I used the Junkware tool, and here are the logs. Now only some words are still underlined and point to advertising. (I have edited this in again, in case you already read it.) This AnyWhereAccessSetup Wizard has nevertheless opened again, and the one file that AdwCleaner deleted is now back on my desktop; it is called "ContinueLive Installation". I hope this helps you; it apparently hasn't disappeared after all. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.03.2015 Suchlauf-Zeit: 18:05:28 Logdatei: Malware.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.13.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Alessio Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 382227 Verstrichene Zeit: 8 Min, 39 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.WinEngine.A, C:\Users\Alessio\AppData\Local\winengine\rkr1.exe, 4744, , [a16941047812f44254c8c9e89f64eb15] Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 9 Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccsvchst.exe, , [0dfd3411a2e86ec8249a4a2e2dd7bf41], PUP.Optional.SpeedTestAnalysis.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kckgnnipheglejoddfhekdjpbdbinhmb, , [ee1c52f3c6c40b2be9d881769a697a86], Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccsvchst.exe, , [df2b1035cbbf6ec817a77bfde81c9b65], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, , [e426380d157525119ccf20b6be4505fb], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{ff148bd5}, , [68a244010486eb4be58613c320e325db], PUP.Optional.MountainBike.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Mountain Bike, , [e327a0a5e1a9ff3740ec713f12f18a76], PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [b1591a2b4c3eb68032bc57bfc63f4cb4], 
PUP.Optional.FunMoods.A, HKU\S-1-5-21-4026364676-241273927-3108656300-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\funmoodsToolbar, , [fc0e84c14c3e2e08c7d6d143c63fa957], PUP.Optional.Linkey.A, HKU\S-1-5-21-4026364676-241273927-3108656300-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [51b9f55093f751e579e1fcaea3600bf5], Registrierungswerte: 6 Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|14206, C:\PROGRA~3\LOCALS~1\Temp\msyaravy.scr, , [bb4f1b2afd8d181e9e50288fc34128d8] PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1368341829343&tguid=43169-3580-1368341829343-1E412300B57E10A25839CCBA161F0997&q=%s, , [ee1cb19478126ec8ba6bd603cb381ce4] Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|14206, C:\PROGRA~3\LOCALS~1\Temp\msyaravy.scr, , [35d548fd5832a294608e52651fe5827e] PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, , [b1591a2b4c3eb68032bc57bfc63f4cb4], PUP.Optional.WinEngine.A, HKU\S-1-5-21-4026364676-241273927-3108656300-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|winengine, C:\Users\Alessio\AppData\Local\winengine\rkr0.exe, , [917951f44d3d2412f5275160b94ace32] PUP.Optional.WinEngine.A, HKU\S-1-5-21-4026364676-241273927-3108656300-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|winengine2, C:\Users\Alessio\AppData\Local\winengine\rkr1.exe, , [a16941047812f44254c8c9e89f64eb15] Registrierungsdaten: 1 PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-4026364676-241273927-3108656300-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), 
hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1368341829343&tguid=43169-3580-1368341829343-1E412300B57E10A25839CCBA161F0997&q=%s, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1368341829343&tguid=43169-3580-1368341829343-1E412300B57E10A25839CCBA161F0997&q=%s),,[0cfe54f1c9c182b455d1ebfdab5aec14] Ordner: 4 Trojan.Agent.MNR, C:\Users\Alessio\AppData\Roaming\SODXN, , [e62453f292f88aacf52529e258adb14f], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\mz, , [b258ab9a6d1d16207de42e66b74c0ef2], Dateien: 45 PUP.Optional.OptimizerPR0, C:\ProgramData\{7a382bfb-7e4f-0314-7a38-82bfb7e4afed}\OptimizerProInstaller.exe, , [4dbdda6b0a80043241e98ea2f012857b], PUP.BitcoinMiner, C:\Users\Alessio\AppData\Roaming\SODXN\coinutil.dll, , [dd2d78cd15750e28342165c03bc6b54b], PUP.BitCoinMiner, C:\Users\Alessio\AppData\Roaming\SODXN\miner.dll, , [81892c19f7939f976b3927c8649cb848], Trojan.BitMiner, C:\Users\Alessio\AppData\Roaming\SODXN\program.exe, , [c14933127614d95d99abbb4618e934cc], PUP.BitCoinMiner, C:\Users\Alessio\AppData\Roaming\SODXN\usft_ext.dll, , [6b9f8bbadcae5ed8a468c056cf32e818], PUP.BitcoinMiner, C:\Users\Alessio\AppData\Roaming\Uisbb\coinutil.dll, , [24e62124256586b0371e64c1926fb64a], PUP.BitCoinMiner, C:\Users\Alessio\AppData\Roaming\Uisbb\miner.dll, , [27e398adeb9f7cba31738f6098685ca4], Trojan.BitMiner, C:\Users\Alessio\AppData\Roaming\Uisbb\program.exe, , [8b7fa1a4e7a3b87e083c39c8976a1be5], PUP.BitCoinMiner, 
C:\Users\Alessio\AppData\Roaming\Uisbb\usft_ext.dll, , [22e8c08524665bdbe22a8c8aff021be5], PUP.BitcoinMiner, C:\Users\Alessio\AppData\Roaming\gFtOF\coinutil.dll, , [5eac89bc1e6ca4927fd645e007fa51af], PUP.BitCoinMiner, C:\Users\Alessio\AppData\Roaming\gFtOF\miner.dll, , [12f8271e06841323e8bc529dce320ff1], Trojan.BitMiner, C:\Users\Alessio\AppData\Roaming\gFtOF\program.exe, , [40ca380ddeac63d3f351867bcb3642be], PUP.BitCoinMiner, C:\Users\Alessio\AppData\Roaming\gFtOF\usft_ext.dll, , [b65454f15733f2448b81d4426d94d828], PUP.Optional.Popeler, C:\Users\Alessio\Downloads\Castle%20Clash.exe, , [8387fd48cac0013561f26467a3625fa1], PUP.Optional.Conduit.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kppnoegbbaphhibbpdojjiehofchhdgk_0.localstorage, , [46c4083d8208c571106f506607fc3fc1], Trojan.JobX, C:\Windows\System32\Tasks\Windows Update Check - 0x05B00174, , [ec1ed5706d1da4926214488c2ed58d73], PUP.Optional.Incredibar.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, , [cc3e2b1a5e2c3ef8f91202e6748fcf31], Trojan.Agent.MNR, C:\Users\Alessio\AppData\Roaming\SODXN\phatk.ptx, , [e62453f292f88aacf52529e258adb14f], Trojan.Agent.MNR, C:\Users\Alessio\AppData\Roaming\SODXN\coinutil.dll, , [e62453f292f88aacf52529e258adb14f], Trojan.Agent.MNR, C:\Users\Alessio\AppData\Roaming\SODXN\miner.dll, , [e62453f292f88aacf52529e258adb14f], Trojan.Agent.MNR, C:\Users\Alessio\AppData\Roaming\SODXN\phatk.cl, , [e62453f292f88aacf52529e258adb14f], Trojan.Agent.MNR, C:\Users\Alessio\AppData\Roaming\SODXN\usft_ext.dll, , [e62453f292f88aacf52529e258adb14f], PUP.Optional.Desk365.A, C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk, , [da301134107ac86ed1e046d0f60f3fc1], PUP.Optional.WinEngine.A, C:\Users\Alessio\AppData\Local\winengine\rkr0.exe, , [917951f44d3d2412f5275160b94ace32], PUP.Optional.WinEngine.A, 
C:\Users\Alessio\AppData\Local\winengine\rkr1.exe, , [a16941047812f44254c8c9e89f64eb15], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\background.html, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\bg.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\ci.bg.pack.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\ci.browser.helper.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\ci.content.pack.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\content.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon128.png, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon16.png, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon24.ico, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, 
C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon24.png, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon32.ico, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon32.png, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\icon48.png, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\jquery-1.6.2.min.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\jquery.uuid.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\manifest.json, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\popup.js, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\settings.json, , [b258ab9a6d1d16207de42e66b74c0ef2], PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\mz\background.js, , [b258ab9a6d1d16207de42e66b74c0ef2], 
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_1\mz\content.js, , [b258ab9a6d1d16207de42e66b74c0ef2], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.112 - Bericht erstellt 13/03/2015 um 18:27:30 # Aktualisiert 09/03/2015 von Xplode # Datenbank : 2015-03-05.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Alessio - ALESSIO-PC # Gestarted von : C:\Users\Alessio\Downloads\AdwCleaner_4.112(6).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\Alessio\Desktop\Continue Live Installation.lnk ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v36.0.1 (x86 de) -\\ Google Chrome v41.0.2272.89 -\\ Comodo Dragon v ************************* AdwCleaner[R0].txt - [53321 Bytes] - [14/09/2014 21:49:47] AdwCleaner[R10].txt - [2323 Bytes] - [13/03/2015 01:01:05] AdwCleaner[R11].txt - [2443 Bytes] - [13/03/2015 18:26:06] AdwCleaner[R1].txt - [1122 Bytes] - [13/10/2014 22:11:03] AdwCleaner[R2].txt - [1894 Bytes] - [03/11/2014 18:10:02] AdwCleaner[R3].txt - [5695 Bytes] - [18/12/2014 16:17:38] AdwCleaner[R4].txt - [1562 Bytes] - [04/02/2015 16:12:20] AdwCleaner[R5].txt - [13744 Bytes] - [11/03/2015 10:11:23] AdwCleaner[R6].txt - [1891 Bytes] - [11/03/2015 10:33:44] AdwCleaner[R7].txt - [1805 Bytes] - [11/03/2015 10:40:12] AdwCleaner[R8].txt - [2402 Bytes] - [11/03/2015 18:01:50] AdwCleaner[R9].txt - [3225 Bytes] - [12/03/2015 12:21:45] AdwCleaner[S0].txt - [47786 Bytes] - [14/09/2014 21:50:45] AdwCleaner[S10].txt - [2385 Bytes] - [13/03/2015 01:02:38] AdwCleaner[S11].txt - [1832 Bytes] - [13/03/2015 18:27:30] AdwCleaner[S1].txt - [1078 Bytes] - [13/10/2014 22:13:05] AdwCleaner[S2].txt - [1901 Bytes] - [03/11/2014 18:11:59] AdwCleaner[S3].txt - [5302 Bytes] - [18/12/2014 16:20:43] 
AdwCleaner[S4].txt - [1623 Bytes] - [04/02/2015 16:14:29] AdwCleaner[S5].txt - [12027 Bytes] - [11/03/2015 10:15:50] AdwCleaner[S6].txt - [1952 Bytes] - [11/03/2015 10:36:00] AdwCleaner[S7].txt - [1866 Bytes] - [11/03/2015 10:43:45] AdwCleaner[S8].txt - [2463 Bytes] - [11/03/2015 18:04:21] AdwCleaner[S9].txt - [3286 Bytes] - [12/03/2015 12:23:23] ########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2424 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Home Premium x64 Ran by Alessio on 13.03.2015 at 18:34:12,26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211771193} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211771193} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Alessio\AppData\Roaming\getrighttogo" Successfully deleted: [Folder] "C:\Users\Alessio\appdata\local\cre" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted the following from C:\Users\Alessio\AppData\Roaming\mozilla\firefox\profiles\yx9kfsx8.default-1418917023564\prefs.js user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); user_pref("browser.search.searchengine.ptid", "ima"); user_pref("browser.search.searchengine.uid", "ST2000DM001-9YN164_Z1E1P2PCXXXXZ1E1P2PC"); Emptied folder: C:\Users\Alessio\AppData\Roaming\mozilla\firefox\profiles\yx9kfsx8.default-1418917023564\minidumps [9 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.03.2015 at 18:36:39,29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Alessio (administrator) on ALESSIO-PC on 13-03-2015 18:38:02 Running from C:\Users\Alessio\Downloads Loaded Profiles: Alessio (Available profiles: Alessio) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsj7F88.tmp (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe () C:\Windows\System32\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Super PC Tools Ltd) C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe (Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC) HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-05-11] (NEXON Inc.) 
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
IFEO\symerr.exe: [Debugger] jtkyy.exe
Startup: C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk
ShortcutTarget: SuperOptimizerInstaller.lnk -> C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4026364676-241273927-3108656300-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52166;https=127.0.0.1:52166
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4026364676-241273927-3108656300-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-17] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-01] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL [2012-06-21] (Symantec Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-01] (Symantec Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-14] (Nexon)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4026364676-241273927-3108656300-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alessio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Extension: Zoom It - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\Extensions\{89322f21-4dab-1726-6081-084c403dcecf} [2015-03-13]
FF Extension: Adblock Plus - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2015-03-13]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\vxvj29up.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Docs) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814976 2015-02-06] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-12-07] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-15] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 neverode; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsj7F88.tmp [207872 2015-03-13] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [123320 2011-11-07] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4722728 2013-03-14] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-15] ()
R2 pumygydy; C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [211456 2015-03-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()
R2 xebejehi; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp [91648 2015-03-11] () [File not signed]
R2 zizudobe; C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp [94720 2015-03-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-30] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130226.002\IDSvia64.sys [513184 2012-12-28] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130227.003\ENG64.SYS [126192 2013-01-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130227.003\EX64.SYS [2087664 2013-01-19] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
S1 aclrtvfz; \??\C:\Windows\system32\drivers\aclrtvfz.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dfxdnxpi; \??\C:\Windows\system32\drivers\dfxdnxpi.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 18:38 - 2015-03-13 18:38 - 00025452 _____ () C:\Users\Alessio\Downloads\FRST.txt
2015-03-13 18:36 - 2015-03-13 18:36 - 00001725 _____ () C:\Users\Alessio\Desktop\JRT.txt.txt
2015-03-13 18:33 - 2015-03-13 18:33 - 01388333 _____ (Thisisu) C:\Users\Alessio\Desktop\JRT.exe
2015-03-13 18:25 - 2015-03-13 18:31 - 00002505 _____ () C:\Users\Alessio\Desktop\AdwCleaner.txt.txt
2015-03-13 18:24 - 2015-03-13 18:24 - 02171392 _____ () C:\Users\Alessio\Downloads\AdwCleaner_4.112(6).exe
2015-03-13 18:16 - 2015-03-13 18:16 - 00012277 _____ () C:\Users\Alessio\Desktop\mbam.txt.txt
2015-03-13 18:05 - 2015-03-13 18:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 18:04 - 2015-03-13 18:04 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-13 18:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 18:04 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-13 18:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-13 18:03 - 2015-03-13 18:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Alessio\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-13 12:44 - 2015-03-13 12:44 - 00029781 _____ () C:\ComboFix.txt
2015-03-13 12:28 - 2015-03-13 12:44 - 00000000 ____D () C:\Qoobox
2015-03-13 12:28 - 2015-03-13 12:43 - 00000000 ____D () C:\Windows\erdnt
2015-03-13 12:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-13 12:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-13 12:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-13 12:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-13 12:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-13 12:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-13 12:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-13 12:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-13 12:26 - 2015-03-13 12:27 - 05613296 ____R (Swearware) C:\Users\Alessio\Desktop\ComboFix.exe
2015-03-13 12:22 - 2015-03-13 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Alessio\Downloads\revosetup95.exe
2015-03-13 12:22 - 2015-03-13 12:22 - 00001264 _____ () C:\Users\Alessio\Desktop\Revo Uninstaller.lnk
2015-03-13 12:22 - 2015-03-13 12:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-12 13:46 - 2015-03-12 13:46 - 00038976 _____ () C:\Users\Alessio\Desktop\Addition1.txt
2015-03-12 13:45 - 2015-03-12 13:46 - 00068301 _____ () C:\Users\Alessio\Desktop\FRST1.txt
2015-03-12 13:44 - 2015-03-13 18:38 - 00000000 ____D () C:\FRST
2015-03-12 13:44 - 2015-03-12 13:44 - 02095616 _____ (Farbar) C:\Users\Alessio\Downloads\FRST64.exe
2015-03-12 13:19 - 2015-03-12 13:19 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-12 13:19 - 2015-03-12 13:19 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-12 13:19 - 2015-03-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 12:00 - 2015-03-09 11:32 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-12 12:00 - 2015-03-09 11:32 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00830600 _____ (Internet software ) C:\Users\Alessio\Downloads\adobe_flash_setup.exe
2015-03-11 14:31 - 2015-03-11 14:32 - 00000000 ____D () C:\Users\Alessio\Desktop\YT Dlds
2015-03-11 14:30 - 2015-03-11 14:30 - 11123720 _____ () C:\Users\Alessio\Downloads\YTDSetup.exe
2015-03-11 11:46 - 2015-03-11 11:46 - 00243528 _____ () C:\Users\Alessio\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-11 10:30 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:30 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:30 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:30 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:30 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 10:30 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 10:30 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 10:30 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 10:30 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:30 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 10:30 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 10:30 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:30 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:30 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 10:30 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:30 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 10:30 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:30 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:30 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:30 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:30 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:30 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:30 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 10:30 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 10:30 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 10:30 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 10:30 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:30 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:30 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 10:30 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 10:30 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 10:30 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 10:29 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:29 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:29 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:29 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:29 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:29 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:29 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:29 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:29 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 10:29 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 10:29 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 10:29 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 10:29 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 10:29 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 10:29 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:29 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:29 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:29 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:29 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:29 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:29 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:29 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:29 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:29 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:29 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:29 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:29 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:29 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:29 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:29 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:29 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 10:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 10:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 10:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 10:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 10:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 10:29 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 10:29 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 10:29 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:29 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 10:28 - 2015-02-26 04:25 - 03204096 _____ (Microsoft 
Corporation) C:\Windows\system32\win32k.sys 2015-03-11 10:28 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 10:28 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 10:28 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 10:28 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 10:28 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 10:28 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 10:28 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 10:28 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 10:28 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2015-03-11 10:28 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 10:28 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 10:28 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 10:28 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 10:28 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 10:28 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 10:28 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:00 - 00030720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 10:28 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 10:28 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 10:28 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 10:28 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 10:28 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 10:28 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 10:28 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 10:28 - 2015-02-20 02:01 - 01888256 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 10:28 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 10:28 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 10:28 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 10:28 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 10:26 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 10:26 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 10:09 - 2015-03-13 18:34 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D 2015-03-11 10:08 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D 2015-03-11 10:06 - 2015-03-11 10:06 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068395-11DD-896D-3085A9AF655D 2015-03-11 10:05 - 2015-03-13 16:37 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D 2015-03-11 10:04 - 2015-03-13 18:18 - 00000000 ____D () C:\Users\Alessio\AppData\Local\winengine 2015-03-11 10:04 - 2015-03-13 18:17 - 00000000 ____D () C:\ProgramData\{7a382bfb-7e4f-0314-7a38-82bfb7e4afed} 2015-03-11 10:04 - 2015-03-11 10:21 - 00000000 ____D () C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc} 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Bluestacks 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-03-08 11:51 - 2015-03-08 11:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf 2015-03-08 11:49 - 2007-01-19 18:24 - 00025312 ____R (Windows (R) Codename Longhorn DDK provider) 
C:\Windows\system32\Drivers\SCMNdisP.sys 2015-03-08 11:47 - 2015-03-08 11:47 - 00000000 ____D () C:\Program Files (x86)\NETGEAR 2015-03-08 11:47 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys 2015-03-08 11:47 - 2011-04-19 17:52 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2015-03-08 11:47 - 2010-06-09 13:11 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys 2015-03-08 11:46 - 2015-03-08 11:46 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\InstallShield 2015-03-06 15:47 - 2015-03-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-04 21:59 - 2015-03-04 22:00 - 00000000 ____D () C:\Users\Alessio\Desktop\AoT 2015-02-26 11:37 - 2015-02-27 11:05 - 00000391 _____ () C:\Users\Alessio\Desktop\Miss.txt 2015-02-25 11:19 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 11:19 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157(1).exe 2015-02-24 14:36 - 2015-03-05 14:42 - 00001194 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk 2015-02-24 14:36 - 2015-03-05 14:42 - 00001170 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () 
C:\Program Files (x86)\LogMeIn Hamachi 2015-02-19 11:11 - 2015-02-19 11:11 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Steam 2015-02-18 15:06 - 2015-02-18 15:06 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2015-02-18 00:19 - 2015-02-18 09:41 - 00019627 _____ () C:\Users\Alessio\Desktop\ALN.odt 2015-02-17 23:12 - 2015-02-17 23:13 - 00000582 _____ () C:\Users\Alessio\Desktop\Jokes.txt 2015-02-17 23:10 - 2015-02-17 23:54 - 00000140 _____ () C:\Users\Alessio\Desktop\Quellen.txt 2015-02-17 17:26 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-17 17:26 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-15 12:14 - 2015-02-15 12:14 - 00000222 _____ () C:\Users\Alessio\Desktop\GunZ 2 The Second Duel.url 2015-02-11 15:19 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 15:19 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 15:19 - 2015-02-04 04:13 - 01098752 _____ (Microsoft 
Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 15:19 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 15:18 - 2015-02-11 15:18 - 00003550 _____ () C:\Users\Alessio\Desktop\AOT.txt 2015-02-11 15:18 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 15:18 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 15:18 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 15:18 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 18:37 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-13 18:37 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-13 18:35 - 2012-12-30 04:03 - 01200277 _____ () C:\Windows\WindowsUpdate.log 2015-03-13 18:34 - 2013-01-06 14:31 - 00000000 ____D () C:\Users\Alessio\AppData\Local\CrashDumps 2015-03-13 18:31 - 2013-05-25 11:40 - 00000000 ____D () C:\ProgramData\Origin 2015-03-13 18:31 - 2012-12-29 23:16 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Skype 2015-03-13 18:30 - 2013-02-08 23:46 - 00000000 ____D () C:\Users\Alessio\AppData\Local\LogMeIn Hamachi 2015-03-13 18:29 - 2013-05-25 11:40 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-13 18:29 - 2012-12-30 12:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-13 18:29 - 2012-12-29 22:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-13 18:29 - 2009-07-14 05:51 - 00295083 _____ () C:\Windows\setupact.log 2015-03-13 18:28 - 2012-12-30 04:29 - 00000000 ____D () 
C:\ProgramData\NVIDIA 2015-03-13 18:28 - 2010-11-21 04:47 - 00693784 _____ () C:\Windows\PFRO.log 2015-03-13 18:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-13 18:27 - 2014-09-14 21:49 - 00000000 ____D () C:\AdwCleaner 2015-03-13 18:17 - 2013-03-26 22:13 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\gFtOF 2015-03-13 18:17 - 2013-03-26 19:49 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Uisbb 2015-03-13 18:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2015-03-13 18:07 - 2012-12-29 22:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-13 17:54 - 2013-02-25 18:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-13 12:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-03-13 12:38 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-13 12:35 - 2009-07-14 03:34 - 67633152 _____ () C:\Windows\system32\config\software.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\system.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-03-12 21:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 12:39 - 2013-03-16 10:54 - 00000000 ____D () C:\Fraps 2015-03-12 12:00 - 2015-01-08 14:15 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Adobe 2015-03-11 17:57 - 2013-06-25 16:00 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Warframe 2015-03-11 11:44 - 2012-12-29 22:40 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Google 2015-03-11 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 11:34 - 2009-07-14 05:45 - 00346416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () 
C:\Windows\SysWOW64\Dism 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 11:04 - 2013-08-15 22:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 10:57 - 2013-06-27 00:24 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 10:15 - 2012-12-30 04:07 - 00000999 _____ () C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-08 11:54 - 2011-04-12 08:43 - 01283404 _____ () C:\Windows\system32\perfh007.dat 2015-03-08 11:54 - 2011-04-12 08:43 - 00331438 _____ () C:\Windows\system32\perfc007.dat 2015-03-08 11:54 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-08 11:47 - 2012-12-30 04:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-06 14:55 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-05 22:35 - 2013-01-25 22:54 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\TS3Client 2015-03-05 20:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-24 14:41 - 2013-05-27 20:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ____D () C:\ProgramData\Skype 2015-02-18 15:28 - 2014-11-20 18:02 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Dxtory Software 2015-02-18 15:07 - 2014-10-13 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-02-18 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-17 18:04 - 2013-12-04 20:04 - 00000000 ____D 
() C:\Users\Alessio\AppData\Local\ArmA 2 OA
2015-02-16 16:20 - 2013-02-08 23:47 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-16 10:45 - 2015-01-25 19:24 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-02-12 14:06 - 2014-12-12 12:28 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 14:06 - 2014-05-06 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 23:37 - 2014-04-15 16:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 23:36 - 2013-03-02 18:41 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 23:36 - 2013-03-02 18:41 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 23:36 - 2013-03-02 18:41 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 23:35 - 2013-03-02 18:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2013-03-26 21:37 - 2013-03-26 21:37 - 0046592 _____ (baCwJ5uAc4VR) C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe
2013-05-31 19:27 - 2013-08-27 13:18 - 0036864 _____ () C:\Users\Alessio\AppData\Roaming\RZR_0060f45e48b3b0e8dcec4d8da47b.db
2013-03-26 23:10 - 2013-03-26 23:10 - 0004743 _____ () C:\Users\Alessio\AppData\Roaming\ss.png
2013-03-26 21:22 - 2013-03-26 21:37 - 0046592 _____ (baCwJ5uAc4VR) C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak
2013-09-22 20:14 - 2014-09-07 17:46 - 0000177 _____ () C:\Users\Alessio\AppData\Roaming\WB.CFG
2013-12-02 19:36 - 2014-04-11 15:36 - 0012800 _____ () C:\Users\Alessio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 14:44 - 2014-11-01 14:44 - 0002227 _____ () C:\Users\Alessio\AppData\Local\recently-used.xbel
2013-05-14 13:07 - 2013-05-14 13:07 - 0024128 _____ () C:\Users\Alessio\AppData\Local\Temp1.jpg

Some content of TEMP:
====================
C:\Users\Alessio\AppData\Local\Temp\Quarantine.exe
C:\Users\Alessio\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-06 15:16

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Alessio at 2015-03-13 18:38:29
Running from C:\Users\Alessio\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4Story DE 4.1.176 (HKLM-x32\...\4Story_DE_is1) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - ) aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version: - Browser Updater) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production) Cliqz 
(HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.11 - Cliqz.com) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DayZ Commander (HKLM-x32\...\{D4BA1D6D-DACD-4411-9DEC-6BEE3793277E}) (Version: 0.92.95 - Dotjosh Studios) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free FLV Converter V 7.6.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.) GDMO (HKLM-x32\...\DMO) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment) GunZ2 (HKLM-x32\...\GunZ2) (Version: - ) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.6.1311.20) (Version: 3.6.1311.20 - Solveig Multimedia) Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft SQL Server 2005 
Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) 
(Version: 2.0.15.96 - Symantec Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{9fe8a752-f74c-45c7-a712-1398de096d70}) (Version: latest - ppy Pty Ltd) PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) PlanetSide 2 (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) S4 League (HKLM-x32\...\S4 League) (Version: - ) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Shutdown Timer (HKLM-x32\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version: - Christian Handorf) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2477.0 - Hi-Rez Studios) Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited) Spider-Man 3 (TM) (HKLM-x32\...\InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}) (Version: 1.00.0000 - Activision) Spider-Man 3(TM) (x32 Version: 1.00.0000 - Activision) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games) TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.) 
Unity Web Player (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VideoPad Videobearbeitungs-Software (HKLM-x32\...\VideoPad) (Version: - NCH Software) Vindictus EU (HKLM-x32\...\Vindictus EU) (Version: - ) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) winengine (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-03-2015 14:26:30 Windows Update 08-03-2015 11:46:26 Installiert NETGEAR WNDA3100v2 wireless USB 2.0 driver 08-03-2015 11:49:31 Gerätetreiber-Paketinstallation: NETGEAR Inc. Netzwerkprotokoll 09-03-2015 12:12:55 Windows Update 11-03-2015 10:55:42 Windows Update 12-03-2015 11:59:07 LavasoftWeCompanion 12-03-2015 12:02:54 LavasoftWeCompanion 13-03-2015 12:24:05 Revo Uninstaller's restore point - Speed Test Analysis ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-13 12:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0E2B83DC-C03A-45CB-AD4F-16ECBAAA06CA} - System32\Tasks\{FB710A8C-3F20-4037-BA9F-2279DB8C60CE} => C:\Users\Alessio\Desktop\Spiele\Cube World\Server.exe Task: {1D71DD0D-918A-411F-8C1F-C38D3F4B92A9} - System32\Tasks\{B712CEDA-CB66-487A-B1D0-16FCF3833331} => pcalua.exe -a C:\Users\Alessio\Downloads\pb35setup.exe -d C:\Users\Alessio\Downloads Task: {1ED6DB81-95D4-4B4A-93C3-3B61C2869614} - System32\Tasks\{3B21737A-2EEE-4B80-9791-0CA45E4EAF79} => pcalua.exe -a "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe InDesign CS2\instmsiw.exe" -d "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe InDesign CS2" Task: {247C1470-0DD9-41AA-A141-37540BCC668C} - System32\Tasks\{ECC14FBB-A210-44BF-8D17-90CFAE26A593} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar Task: {2EF31754-B9D1-40E1-80B1-903CE51B89E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) Task: {35596071-9BC2-41E5-B2B9-C49C82FFD345} - System32\Tasks\{960ABE80-50A4-4F97-828F-A3F8E9D4AF23} => pcalua.exe -a C:\Users\Alessio\Desktop\CS2_RetNon_Ger_2.exe -d C:\Users\Alessio\Desktop Task: {3FEDD910-5225-45A1-9ED3-6D2FC0133681} - System32\Tasks\{DDB1CD15-9B67-416D-B21D-5EBEDD2258B6} => C:\Users\Alessio\Desktop\Spiele\Leagues of Legends\Dateipad\lol.launcher.exe [2012-04-24] () Task: {43DC7FE8-7A84-4957-9976-FC78A4C5E65C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {4CBDEA00-DB3A-47F5-8938-A1DBB93E4E9F} - System32\Tasks\{F555DCF7-5330-4992-8D0E-44803962035A} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=Angry Birds Space Bundle by SweetPacks" Task: {5116F59E-BFC1-4DEC-B583-AF8D98340A93} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION Task: {6A9CB896-454F-4215-8A53-491B65F633CD} - System32\Tasks\Norton 
WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {6ABE04FA-43E5-4FD2-9A16-F47C36BE603E} - System32\Tasks\{E76D057E-E5CC-451F-A489-35E0711C5B54} => pcalua.exe -a "C:\Users\Alessio\Desktop\Spiele\Cube World\CubeLauncher.exe" -d "C:\Users\Alessio\Desktop\Spiele\Cube World" Task: {6B5BF2CD-A7A4-43DB-BEBF-2B5C73F1B284} - System32\Tasks\{59712F7F-602B-4259-BC4A-F548DA1D39C8} => pcalua.exe -a C:\Users\Alessio\Downloads\S4_League.exe -d C:\Users\Alessio\Downloads Task: {776CE386-3FF0-44F2-9329-DEA6CD841DC7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {798E7F0A-8A24-4746-B159-10A30453F181} - System32\Tasks\{A5848A69-81AF-4E23-94FE-FF5D088EF999} => pcalua.exe -a "C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {804B9EB3-6929-4223-B074-1C73241530F9} - System32\Tasks\{C4B7EC27-61A6-4F4A-AB88-42C1FC45D781} => pcalua.exe -a C:\Users\Alessio\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION Task: {809E5053-971E-4266-A206-18A382E1A764} - \Windows Update Check - 0x05B00174 No Task File <==== ATTENTION Task: {A2355A77-DABF-4F47-8816-514349A52D56} - System32\Tasks\{AB2A9000-5877-4F39-ABD8-165203A76308} => C:\Program Files (x86)\S4League\patcher_s4.exe Task: {ACAE00EF-7BE7-4867-8B68-EF3912A49A8A} - System32\Tasks\{9425F20D-C1BE-4D99-BCBD-82AD7F4A72C7} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {B14A17CA-B4E5-47BB-8CEE-284D553D2AA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) 
Task: {B48C1041-F6D2-4432-B57A-53D52830AC20} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {C355A1C9-D143-4253-A2F6-125B60A794A0} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Alessio\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe Task: {C8779DCA-8234-45DC-B195-770DCFC0E0E2} - System32\Tasks\{43ED0757-E288-4FDA-9F7B-48A48A47A945} => pcalua.exe -a "C:\Users\Alessio\Downloads\[Mutli] Installer v1.0\Multi[Installer] v1.0.exe" -d "C:\Users\Alessio\Downloads\[Mutli] Installer v1.0" Task: {DAFB7EC2-4535-447E-B6F1-CE356597BB61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-12-30 04:26 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-13 16:37 - 2015-03-13 16:37 - 00207872 _____ () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsj7F88.tmp 2014-07-14 12:08 - 2014-07-14 12:08 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2015-03-11 10:09 - 2015-03-11 10:09 - 00211456 _____ () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp 2013-05-11 18:40 - 2013-05-11 18:40 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe 2015-03-11 10:06 - 2015-03-11 10:06 - 00091648 _____ () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp 2015-03-11 
10:08 - 2015-03-11 10:09 - 00094720 _____ () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-03-25 13:23 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-22 13:52 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2012-12-30 12:10 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2012-12-30 12:10 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-10-21 21:55 - 2014-03-24 09:37 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2014-10-21 21:55 - 2014-03-24 09:33 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2015-02-05 01:54 - 2015-02-05 01:54 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams 
(whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LEVxCIdNFBMA.lnk => C:\Windows\pss\LEVxCIdNFBMA.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lkYsOYc1bJT0.lnk => C:\Windows\pss\lkYsOYc1bJT0.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VnjnJP5w6eXE.lnk => C:\Windows\pss\VnjnJP5w6eXE.lnk.Startup ==================== Accounts: ============================= Administrator (S-1-5-21-4026364676-241273927-3108656300-500 - Administrator - Disabled) Alessio (S-1-5-21-4026364676-241273927-3108656300-1000 - Administrator - Enabled) => C:\Users\Alessio Gast (S-1-5-21-4026364676-241273927-3108656300-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4026364676-241273927-3108656300-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Ethernet-Controller Description: Ethernet-Controller 
Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-03-13 12:34:35.200 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-13 12:34:35.171 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz Percentage of memory in use: 38% Total physical RAM: 8144.44 MB Available physical RAM: 4997.94 MB Total Pagefile: 16287.06 MB Available Pagefile: 13339.53 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:963.73 GB) NTFS Drive d: (WNDA3100v2) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1A2000CD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Edited by Alessio (13.03.2015 at 18:55) |
14.03.2015, 09:44 | #8 |
/// the machine /// TB trainer | Windows 7: Firefox opens tabs with ads on its own. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.03.2015, 14:18 | #9 |
| Windows 7: Firefox opens tabs with ads on its own. Okay, hello, so I have done everything now and have the logs for you, but I still have the problem that some words are simply double-underlined, and when I hover over them with the mouse, ad pages are shown to me. Here are the logs now. ESET log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=1f484b2b242e9c40ad3482c2a759ff83 # engine=22905 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-14 12:52:01 # local_time=2015-03-14 01:52:01 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3591 16777213 100 95 65064609 188934106 0 0 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2646961 67647237 0 0 # scanned=418871 # found=70 # cleaned=0 # scan_time=7862 sh=8E9CABD502F9FCCBEA6B41CBA0130B0446D54445 ft=1 fh=2878de3d76f4abec vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\eUninstall.exe.vir" sh=135464CE561FF39D0B1CFFFBB0585EAC81479D3C ft=1 fh=964e4afe2acf1cf7 vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\TrayDownloader.exe.vir" sh=167EF63E3FBACFCEC91AF39F9D2F6C6EF65CE1C3 ft=1 fh=ead1c2f78ed6d50e vn="Win32/Somoto.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FilesFrog Update Checker\update_checker.exe.vir" sh=7FCFCA82B578B420E6E7839B096645FAD498B50C ft=1 fh=5c5f724fbf0e5e5d vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_300\gamesdesktop_widget.exe.vir" sh=59A66D4D07B7D44C8B3AFA3320E046DF905EDE8D ft=1 fh=cb26fbf7333a44b9 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_300\gmsd_de_300.exe.vir" sh=186729B392AA006D2378BC474951BFBC98392F46 ft=1 fh=98b2073acca30d49 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_300\predm.exe.vir" sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH_DE\hk64tbNCH_.dll.vir" sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH_DE\hktbNCH_.dll.vir" sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH_DE\ldrtbNCH_.dll.vir" sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH_DE\prxtbNCH_.dll.vir" sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH_DE\tbNCH_.dll.vir" sh=8C8E2A338F04848E754C25DC19C1430580D462C6 ft=1 fh=f76e2c97d8443672 vn="Win32/ELEX.BM evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir" sh=AEA1F8ECDBFE8E7BD55BCA9B24160C99A58F655B ft=1 fh=00817a312f73db7a vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir" sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir" sh=987B7AAE8131855FE75145719FF5F076B2299C97 ft=1 fh=712332c590681590 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir" sh=454CD903C123F611BCB0570843035C0A79F4982C ft=1 fh=cd56a5d579cc2e31 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir" sh=CD37191EE4233E55E613DD2D34DA1620EC9752E6 ft=1 fh=779e3b53bab7b8cc vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir" sh=20EB765F8AC452AFA69069CB8741BEE918A386BF ft=1 fh=4ef03ab93070aee7 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir" sh=14E7D1DB36B816A980F4CE58EF5833FA2393AEAD ft=1 fh=76649c45e05ece35 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir" sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=3814FD86159C905175186F3054C94BF81E073593 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\CRE\kppnoegbbaphhibbpdojjiehofchhdgk.crx.vir" sh=76AB62BE35E54C2F2B53BFFD162B92F1205F76BD ft=1 fh=d18099ba65173554 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\DownloadGuide\Offers\autocompletepro.exe.vir" sh=DE4CDF1AFF3E2BC3D06F3DCED89E3D141EFF7035 ft=1 fh=8cdae1047747df39 vn="Variante von Win32/Toolbar.Iminent.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\DownloadGuide\Offers\iminent.exe.vir" sh=FDC5905E965609B2355DCA38C87462780158F2E6 ft=1 fh=5ed4a552f23616fc vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\gmsd_de_300\upgmsd_de_300.exe.vir" sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppnoegbbaphhibbpdojjiehofchhdgk\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppnoegbbaphhibbpdojjiehofchhdgk\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppnoegbbaphhibbpdojjiehofchhdgk\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=A82C9997BED4FAF04183B6900595DFF29782D979 ft=1 fh=cb8f9c5cda147f68 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Local\Temp\Security Systems\Setup.exe.vir" sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\LocalLow\NCH_DE\hk64tbNCH_.dll.vir" sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\LocalLow\NCH_DE\hktbNCH_.dll.vir" sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\LocalLow\NCH_DE\ldrtbNCH_.dll.vir" sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\LocalLow\NCH_DE\tbNCH_.dll.vir" sh=9A50BF1CAC5B83C6F72C665F7C5B1C33D3AE30AD ft=1 fh=caf3d268e5fdccf7 vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir" sh=A94193F8F62F1D07E1C5DE2F7F91500E7C526DAF ft=1 fh=28a9044a9bcbdffd vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Roaming\eDownload\CouponDropDown.exe.vir" sh=9818FE23A2C33609A3088B1E4B346FC15CC0845E ft=1 fh=a5ce0c8be77cb07c vn="Variante von Win32/ELEX.BF evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Roaming\eIntaller\11C10AC8A52D4f99BE9186F0ED790C1E\Desk365.exe.vir" sh=3F7FB4678AB70D7B1AE86EF7001920862DF2B504 ft=1 fh=ece89d0abb04edde vn="Variante von Win32/DealPly.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Roaming\eIntaller\146E938A17C2417a9744D6EAD8AF85BC\dp.exe.vir" sh=816253DA66EB58DB4848E70DA052BBC0F06503DF ft=1 fh=6274a150e0464672 vn="Variante von Win32/ELEX.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Roaming\eIntaller\146E938A17C2417a9744D6EAD8AF85BC\eXQ.exe.vir" sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alessio\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir" sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=1DE85E0DB64E997AE9C9470C8A5B34DA283E0B47 ft=1 fh=0f76cd8780b17e40 vn="Win32/Adware.SpeedingUpMyPC.Y Anwendung" ac=I fn="C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe" sh=355D3E754738E38C98270040F13C4BD323969DB1 ft=1 fh=c71c0011c35ba1fc vn="Variante von Win32/Adware.ConvertAd.CH Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\onst5341.tmp" sh=70B33539146A0DE4A55DDF042D99D167A5B741A6 ft=1 fh=2b581d40ebeda32e vn="Win32/Adware.AdService.AZ Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp" sh=70B33539146A0DE4A55DDF042D99D167A5B741A6 ft=1 fh=2b581d40ebeda32e vn="Win32/Adware.AdService.AZ Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V9LAKNX\SU_Srv[1].exe" sh=09737D2395AC1B238DF2C801D0EB786EC082D56D ft=1 
fh=1c4a9958d65de32e vn="Variante von MSIL/Adware.Imali.A Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZN00QN1\OfferInstaller[2].exe" sh=C06D006CD3FA2BDE4BE596BD8A98CC409A616AA3 ft=1 fh=98cfe6578021772b vn="Variante von Win32/Adware.ConvertAd.CP Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PFV0DOM\VOsrv[1].exe" sh=CC128E17C434066258204F7C606DAC2C7CF85B17 ft=1 fh=37c25389a72f12c6 vn="Variante von Win32/BrowseFox.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\BetweenLines[1].dll" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\Setup[1].exe" sh=355D3E754738E38C98270040F13C4BD323969DB1 ft=1 fh=c71c0011c35ba1fc vn="Variante von Win32/Adware.ConvertAd.CH Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3F7B5UX\Update_Notifier[1].exe" sh=C5D4F67645A58F011294C69BD119EA1995AADC9D ft=1 fh=57a6ba61a35e7ac7 vn="Win32/Adware.AdService.AY Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q46ZAFB6\JOSrv[1].exe" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMFFRVSD\Setup[1].exe" sh=FDCF116C61C82BB3D3D74C3E46DC9427B43A4EEA ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\Alessio\AppData\Local\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\cache2\entries\72D30242E5365DEDF13376EBFC181995B1B41CEA" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsd24D6.tmp" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsn66E4.tmp" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nss3B23.tmp" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Temp\nsd24D6.tmp" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Temp\nsn66E4.tmp" sh=6047B95E401E3E12ED551C8980CBC3E6EC6EBB95 ft=1 fh=be590a4afa4bdc0b vn="Variante von Win32/InstallCore.PK evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\AppData\Local\Temp\nss3B23.tmp" sh=24BBC0F7E797E024FE83A114E69007C2E1863650 ft=1 fh=cf221a6b15f221c4 vn="Variante von MSIL/Agent.EX Trojaner" ac=I fn="C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe" sh=24BBC0F7E797E024FE83A114E69007C2E1863650 ft=1 fh=cf221a6b15f221c4 vn="Variante von MSIL/Agent.EX Trojaner" ac=I fn="C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak" sh=C5D4F67645A58F011294C69BD119EA1995AADC9D ft=1 fh=57a6ba61a35e7ac7 vn="Win32/Adware.AdService.AY Anwendung" ac=I fn="C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp" sh=C06D006CD3FA2BDE4BE596BD8A98CC409A616AA3 ft=1 fh=98cfe6578021772b vn="Variante von Win32/Adware.ConvertAd.CP Anwendung" ac=I fn="C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsn7082.tmp" sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\Desktop\Krimskram\WindowsSupportDll64.dll" sh=5FDFFF7DE721222B9C50996F30765BB7631CC841 ft=1 fh=e314fcfbda4844ea vn="Variante von Win32/InstallCore.XP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\Downloads\adobe_flash_setup.exe" sh=928AEDAC68CB038A228E2732931AB71CDA7382A4 ft=1 fh=189525df473ab0f6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\Downloads\MSI Afterburner - CHIP-Installer.exe" sh=DE33325E686C82C12DB1F95F39E94AC746F5B5B5 ft=1 fh=d789ebaae8b3bc52 vn="Win32/Somoto.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" sh=1DE85E0DB64E997AE9C9470C8A5B34DA283E0B47 ft=1 fh=0f76cd8780b17e40 vn="Win32/Adware.SpeedingUpMyPC.Y Anwendung" ac=I fn="C:\Users\All Users\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe" sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1]" sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1]" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Adware.SpeedingUpMyPC.Y Anwendung" ac=I fn="${Memory}" Code:
 Results of screen317's Security Check version 0.99.97
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Microsoft Security Essentials
 Norton Internet Security
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.305
 Mozilla Firefox (36.0.1)
 Google Chrome (40.0.2214.115)
 Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Alessio (administrator) on ALESSIO-PC on 14-03-2015 14:13:56
Running from C:\Users\Alessio\Downloads
Loaded Profiles: Alessio (Available profiles: Alessio)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp
() C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsk35AB.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp
() C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe
(Zemi Interactive Inc.) C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe
(Super PC Tools Ltd) C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-05-11] (NEXON Inc.)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk
ShortcutTarget: SuperOptimizerInstaller.lnk -> C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4026364676-241273927-3108656300-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52166;https=127.0.0.1:52166 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4026364676-241273927-3108656300-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-17] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-17] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.) 
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564 FF Homepage: https://www.google.de/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-14] (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files 
(x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin HKU\S-1-5-21-4026364676-241273927-3108656300-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alessio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS) FF Extension: Zoom It - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\Extensions\{89322f21-4dab-1726-6081-084c403dcecf} [2015-03-13] FF Extension: Adblock Plus - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-18] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06] FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpi FF HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\vxvj29up.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default CHR Extension: 
(Google Slides) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Docs) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14] CHR Extension: (YouTube) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12] CHR Extension: (Google Search) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12] CHR Extension: (Google Sheets) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16] CHR Extension: (Gmail) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814976 2015-02-06] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-12-07] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-15] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4722728 2013-03-14] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-15] ()
R2 pumygydy; C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [211456 2015-03-11] () [File not signed]
R2 pyqoridy; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsk35AB.tmp [124928 2015-03-14] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()
R2 xebejehi; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp [91648 2015-03-11] () [File not signed]
R2 zizudobe; C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp [94720 2015-03-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc) S1 aclrtvfz; \??\C:\Windows\system32\drivers\aclrtvfz.sys [X] S4 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [X] S1 dfxdnxpi; \??\C:\Windows\system32\drivers\dfxdnxpi.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130226.002\IDSvia64.sys [X] R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [X] R4 SymDS; system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [X] R4 SymEFA; system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is 
included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-14 13:58 - 2015-03-14 13:58 - 00000000 _____ () C:\Users\Alessio\Desktop\FRST3.txt 2015-03-14 13:58 - 2015-03-14 13:58 - 00000000 _____ () C:\Users\Alessio\Desktop\Addition3.txt 2015-03-14 13:56 - 2015-03-14 13:58 - 00000910 _____ () C:\Users\Alessio\Desktop\checkup.txt.txt 2015-03-14 13:55 - 2015-03-14 13:56 - 00852604 _____ () C:\Users\Alessio\Desktop\SecurityCheck.exe 2015-03-14 13:54 - 2015-03-14 13:54 - 00016664 _____ () C:\Users\Alessio\Desktop\ESET.txt.txt 2015-03-14 11:38 - 2015-03-14 11:38 - 02347384 _____ (ESET) C:\Users\Alessio\Downloads\esetsmartinstaller_deu.exe 2015-03-13 18:39 - 2015-03-13 18:39 - 00066928 _____ () C:\Users\Alessio\Desktop\FRST2.txt 2015-03-13 18:39 - 2015-03-13 18:39 - 00029439 _____ () C:\Users\Alessio\Desktop\Addition2.txt 2015-03-13 18:38 - 2015-03-14 14:14 - 00022456 _____ () C:\Users\Alessio\Downloads\FRST.txt 2015-03-13 18:38 - 2015-03-13 18:38 - 00029465 _____ () C:\Users\Alessio\Downloads\Addition.txt 2015-03-13 18:36 - 2015-03-13 18:36 - 00001725 _____ () C:\Users\Alessio\Desktop\JRT.txt.txt 2015-03-13 18:33 - 2015-03-13 18:33 - 01388333 _____ (Thisisu) C:\Users\Alessio\Desktop\JRT.exe 2015-03-13 18:25 - 2015-03-13 18:31 - 00002505 _____ () C:\Users\Alessio\Desktop\AdwCleaner.txt.txt 2015-03-13 18:24 - 2015-03-13 18:24 - 02171392 _____ () C:\Users\Alessio\Downloads\AdwCleaner_4.112(6).exe 2015-03-13 18:16 - 2015-03-13 18:16 - 00012277 _____ () C:\Users\Alessio\Desktop\mbam.txt.txt 2015-03-13 18:05 - 2015-03-13 18:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-13 18:04 - 2015-03-13 18:04 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-13 18:04 - 2015-03-13 18:04 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-13 18:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-13 18:04 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-13 18:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-13 18:03 - 2015-03-13 18:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Alessio\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-13 12:44 - 2015-03-13 12:44 - 00029781 _____ () C:\ComboFix.txt 2015-03-13 12:28 - 2015-03-13 12:44 - 00000000 ____D () C:\Qoobox 2015-03-13 12:28 - 2015-03-13 12:43 - 00000000 ____D () C:\Windows\erdnt 2015-03-13 12:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-13 12:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-13 12:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-13 12:26 - 2015-03-13 12:27 - 05613296 ____R (Swearware) C:\Users\Alessio\Desktop\ComboFix.exe 2015-03-13 12:22 - 2015-03-13 12:22 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Alessio\Downloads\revosetup95.exe 2015-03-13 12:22 - 2015-03-13 12:22 - 00001264 _____ () C:\Users\Alessio\Desktop\Revo Uninstaller.lnk 2015-03-13 12:22 - 2015-03-13 12:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-12 13:46 - 2015-03-12 13:46 - 00038976 _____ () C:\Users\Alessio\Desktop\Addition1.txt 2015-03-12 13:45 - 2015-03-12 13:46 - 00068301 _____ () C:\Users\Alessio\Desktop\FRST1.txt 2015-03-12 13:44 - 2015-03-14 14:13 - 00000000 ____D () C:\FRST 2015-03-12 13:44 - 2015-03-12 13:44 - 02095616 _____ (Farbar) C:\Users\Alessio\Downloads\FRST64.exe 2015-03-12 13:19 - 2015-03-12 13:19 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-12 13:19 - 2015-03-12 13:19 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-12 13:19 - 2015-03-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-12 12:00 - 2015-03-09 11:32 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-03-12 12:00 - 2015-03-09 11:32 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00830600 _____ (Internet software ) C:\Users\Alessio\Downloads\adobe_flash_setup.exe 2015-03-11 14:31 - 2015-03-11 14:32 - 00000000 ____D () C:\Users\Alessio\Desktop\YT Dlds 2015-03-11 14:30 - 2015-03-11 14:30 - 11123720 _____ () C:\Users\Alessio\Downloads\YTDSetup.exe 2015-03-11 11:46 - 2015-03-11 11:46 - 00243528 _____ () C:\Users\Alessio\Downloads\Firefox Setup Stub 36.0.1.exe 2015-03-11 10:30 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) 
C:\Windows\system32\dciman32.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 10:30 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 10:30 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 10:30 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 10:30 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 10:30 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 10:30 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 10:30 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 10:30 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 10:30 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 10:30 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 
10:30 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 10:30 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 10:30 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00032256 
_____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 10:30 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 10:30 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 10:30 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 10:30 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wintrust.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 10:30 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 10:30 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 10:30 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 10:30 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 10:30 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 10:30 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-11 10:29 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 10:29 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 10:29 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) 
C:\Windows\system32\sspicli.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 10:29 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 10:29 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 10:29 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 10:29 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 10:29 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 10:29 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2015-03-11 10:29 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 10:29 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 10:29 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 10:29 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 10:29 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 10:29 - 
2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 10:29 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 10:29 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 10:29 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 
00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 10:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 10:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 10:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 10:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 10:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 10:29 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 10:29 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 10:29 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 10:29 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 10:28 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 10:28 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 10:28 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 10:28 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 10:28 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00285696 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 10:28 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 10:28 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 10:28 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 10:28 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 10:28 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 10:28 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 10:28 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 10:28 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 10:28 - 2015-02-20 03:26 - 00968704 _____ 
(Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 10:28 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 10:28 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 10:28 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 10:28 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 10:28 - 2015-02-20 02:47 - 
01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 10:28 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 10:28 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 10:28 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 10:28 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 10:28 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 10:28 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 10:28 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 10:28 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 10:28 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 10:28 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 10:26 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 10:26 - 2015-02-04 03:54 
- 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 10:09 - 2015-03-14 14:06 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D 2015-03-11 10:08 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D 2015-03-11 10:06 - 2015-03-11 10:06 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068395-11DD-896D-3085A9AF655D 2015-03-11 10:05 - 2015-03-14 13:34 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D 2015-03-11 10:04 - 2015-03-13 18:18 - 00000000 ____D () C:\Users\Alessio\AppData\Local\winengine 2015-03-11 10:04 - 2015-03-13 18:17 - 00000000 ____D () C:\ProgramData\{7a382bfb-7e4f-0314-7a38-82bfb7e4afed} 2015-03-11 10:04 - 2015-03-11 10:21 - 00000000 ____D () C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc} 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Bluestacks 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-03-08 11:51 - 2015-03-08 11:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf 2015-03-08 11:49 - 2007-01-19 18:24 - 00025312 ____R (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys 2015-03-08 11:47 - 2015-03-08 11:47 - 00000000 ____D () C:\Program Files (x86)\NETGEAR 2015-03-08 11:47 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys 2015-03-08 11:47 - 2011-04-19 17:52 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2015-03-08 11:47 - 2010-06-09 13:11 - 01721576 _____ (Microsoft Corporation) 
C:\Windows\system32\WdfCoInstaller01009.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys 2015-03-08 11:46 - 2015-03-08 11:46 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\InstallShield 2015-03-06 15:47 - 2015-03-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-04 21:59 - 2015-03-04 22:00 - 00000000 ____D () C:\Users\Alessio\Desktop\AoT 2015-02-26 11:37 - 2015-02-27 11:05 - 00000391 _____ () C:\Users\Alessio\Desktop\Miss.txt 2015-02-25 11:19 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 11:19 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157(1).exe 2015-02-24 14:36 - 2015-03-05 14:42 - 00001194 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk 2015-02-24 14:36 - 2015-03-05 14:42 - 00001170 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-02-19 11:11 - 2015-02-19 11:11 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Steam 2015-02-18 15:06 - 2015-02-18 15:06 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2015-02-18 00:19 - 2015-02-18 09:41 - 00019627 _____ () C:\Users\Alessio\Desktop\ALN.odt 2015-02-17 23:12 - 2015-02-17 23:13 - 00000582 _____ () C:\Users\Alessio\Desktop\Jokes.txt 2015-02-17 23:10 - 2015-02-17 
23:54 - 00000140 _____ () C:\Users\Alessio\Desktop\Quellen.txt 2015-02-17 17:26 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-17 17:26 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-15 12:14 - 2015-02-15 12:14 - 00000222 _____ () C:\Users\Alessio\Desktop\GunZ 2 The Second Duel.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-14 14:14 - 2012-12-30 04:03 - 01284862 _____ () C:\Windows\WindowsUpdate.log 2015-03-14 14:12 - 2012-12-30 04:11 - 00000000 ____D () C:\ProgramData\Norton 2015-03-14 14:11 - 2013-05-25 11:40 - 00000000 ____D () C:\ProgramData\Origin 2015-03-14 14:11 - 2012-12-30 04:13 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2015-03-14 14:11 - 2012-12-29 23:16 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Skype 2015-03-14 14:11 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-14 14:11 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-14 14:07 - 2012-12-29 22:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-14 14:02 - 2013-05-25 11:40 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-14 14:02 - 2013-02-08 23:46 - 00000000 ____D () C:\Users\Alessio\AppData\Local\LogMeIn Hamachi 2015-03-14 14:02 - 2012-12-30 12:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-14 14:01 - 2012-12-30 04:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-14 14:01 - 2012-12-29 22:40 - 00001106 
_____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-14 14:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-14 14:01 - 2009-07-14 05:51 - 00295419 _____ () C:\Windows\setupact.log 2015-03-14 14:00 - 2010-11-21 04:47 - 00694610 _____ () C:\Windows\PFRO.log 2015-03-14 13:54 - 2013-02-25 18:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-13 18:34 - 2013-01-06 14:31 - 00000000 ____D () C:\Users\Alessio\AppData\Local\CrashDumps 2015-03-13 18:27 - 2014-09-14 21:49 - 00000000 ____D () C:\AdwCleaner 2015-03-13 18:17 - 2013-03-26 22:13 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\gFtOF 2015-03-13 18:17 - 2013-03-26 19:49 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Uisbb 2015-03-13 18:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2015-03-13 12:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-03-13 12:38 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-13 12:35 - 2009-07-14 03:34 - 67633152 _____ () C:\Windows\system32\config\software.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\system.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-03-12 21:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 12:39 - 2013-03-16 10:54 - 00000000 ____D () C:\Fraps 2015-03-12 12:00 - 2015-01-08 14:15 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Adobe 2015-03-11 17:57 - 2013-06-25 16:00 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Warframe 2015-03-11 11:44 - 2012-12-29 22:40 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Google 2015-03-11 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 11:34 - 2009-07-14 
05:45 - 00346416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 11:04 - 2013-08-15 22:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 10:57 - 2013-06-27 00:24 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 10:15 - 2012-12-30 04:07 - 00000999 _____ () C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-08 11:54 - 2011-04-12 08:43 - 01283404 _____ () C:\Windows\system32\perfh007.dat 2015-03-08 11:54 - 2011-04-12 08:43 - 00331438 _____ () C:\Windows\system32\perfc007.dat 2015-03-08 11:54 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-08 11:47 - 2012-12-30 04:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-06 14:55 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-05 22:35 - 2013-01-25 22:54 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\TS3Client 2015-03-05 20:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-24 14:41 - 2013-05-27 20:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ____D () C:\ProgramData\Skype 2015-02-18 15:28 - 2014-11-20 18:02 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Dxtory Software 2015-02-18 15:07 - 2014-10-13 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-02-18 
09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-17 18:04 - 2013-12-04 20:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\ArmA 2 OA 2015-02-16 16:20 - 2013-02-08 23:47 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-02-16 10:45 - 2015-01-25 19:24 - 00000000 ____D () C:\Program Files (x86)\Glyph 2015-02-12 14:06 - 2014-12-12 12:28 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 14:06 - 2014-05-06 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== Files in the root of some directories ======= 2013-03-26 21:37 - 2013-03-26 21:37 - 0046592 _____ (baCwJ5uAc4VR) C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe 2013-05-31 19:27 - 2013-08-27 13:18 - 0036864 _____ () C:\Users\Alessio\AppData\Roaming\RZR_0060f45e48b3b0e8dcec4d8da47b.db 2013-03-26 23:10 - 2013-03-26 23:10 - 0004743 _____ () C:\Users\Alessio\AppData\Roaming\ss.png 2013-03-26 21:22 - 2013-03-26 21:37 - 0046592 _____ (baCwJ5uAc4VR) C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak 2013-09-22 20:14 - 2014-09-07 17:46 - 0000177 _____ () C:\Users\Alessio\AppData\Roaming\WB.CFG 2013-12-02 19:36 - 2014-04-11 15:36 - 0012800 _____ () C:\Users\Alessio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-01 14:44 - 2014-11-01 14:44 - 0002227 _____ () C:\Users\Alessio\AppData\Local\recently-used.xbel 2013-05-14 13:07 - 2013-05-14 13:07 - 0024128 _____ () C:\Users\Alessio\AppData\Local\Temp1.jpg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-06 15:16
==================== End Of Log ============================
--- --- --- --- --- ---
Oh, and just now this AnyWhereAccessSetup Wizard opened again anyway. I don't know what it is. It always leaves behind a file named ICReinstall_nss2C83.tmp
Edited by Alessio (14.03.2015 at 14:25) |
15.03.2015, 06:59 | #10 |
/// the machine /// TB Trainer | Windows 7: Firefox opens tabs with advertising on its own. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}
C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\onst5341.tmp
C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V9LAKNX\SU_Srv[1].exe
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZN00QN1\OfferInstaller[2].exe
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PFV0DOM\VOsrv[1].exe
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\BetweenLines[1].dll
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\Setup[1].exe
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3F7B5UX\Update_Notifier[1].exe
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q46ZAFB6\JOSrv[1].exe
C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMFFRVSD\Setup[1].exe
C:\Users\Alessio\AppData\Local\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\cache2\entries\72D30242E5365DEDF13376EBFC181995B1B41CEA
C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsd24D6.tmp
C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsn66E4.tmp
C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nss3B23.tmp
C:\Users\Alessio\AppData\Local\Temp\nsd24D6.tmp
C:\Users\Alessio\AppData\Local\Temp\nsn66E4.tmp
C:\Users\Alessio\AppData\Local\Temp\nss3B23.tmp
C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe
C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak
C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp
C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsn7082.tmp
C:\Users\Alessio\Desktop\Krimskram\WindowsSupportDll64.dll
C:\Users\Alessio\Downloads\adobe_flash_setup.exe
C:\Users\Alessio\Downloads\MSI Afterburner - CHIP-Installer.exe
C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
C:\Users\All Users\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1]
Startup: C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk
ShortcutTarget: SuperOptimizerInstaller.lnk -> C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 xebejehi; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp [91648 2015-03-11] () [File not signed]
R2 zizudobe; C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp [94720 2015-03-11] () [File not signed]
C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
RemoveProxy:
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.03.2015, 11:13 | #11 |
| Windows 7: Firefox opens tabs with advertising on its own. Hello, thank you very much, the advertising now seems to be gone for good. I hope the AnyWhereAccessSetup Wizard has been removed along with it. So here is the Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Alessio at 2015-03-15 11:01:25 Run:1 Running from C:\Users\Alessio\Desktop Loaded Profiles: Alessio (Available profiles: Alessio) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc} C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\onst5341.tmp C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V9LAKNX\SU_Srv[1].exe C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZN00QN1\OfferInstaller[2].exe C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PFV0DOM\VOsrv[1].exe C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\BetweenLines[1].dll C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\Setup[1].exe C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3F7B5UX\Update_Notifier[1].exe C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q46ZAFB6\JOSrv[1].exe C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMFFRVSD\Setup[1].exe C:\Users\Alessio\AppData\Local\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\cache2\entries\72D30242E5365DEDF13376EBFC181995B1B41CEA C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsd24D6.tmp C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsn66E4.tmp C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nss3B23.tmp C:\Users\Alessio\AppData\Local\Temp\nsd24D6.tmp C:\Users\Alessio\AppData\Local\Temp\nsn66E4.tmp C:\Users\Alessio\AppData\Local\Temp\nss3B23.tmp C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe 
C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsn7082.tmp C:\Users\Alessio\Desktop\Krimskram\WindowsSupportDll64.dll C:\Users\Alessio\Downloads\adobe_flash_setup.exe C:\Users\Alessio\Downloads\MSI Afterburner - CHIP-Installer.exe C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe C:\Users\All Users\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1] Startup: C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk ShortcutTarget: SuperOptimizerInstaller.lnk -> C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe (Super PC Tools Ltd) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 xebejehi; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp [91648 2015-03-11] () [File not signed] R2 zizudobe; C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D\cnsz2511.tmp [94720 2015-03-11] () [File not signed] C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] RemoveProxy: Emptytemp: ***************** 
"C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}" directory move: Could not move "C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}" directory. => Scheduled to move on reboot. C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\onst5341.tmp => Moved successfully. C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp => Moved successfully. C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V9LAKNX\SU_Srv[1].exe => Moved successfully. C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZN00QN1\OfferInstaller[2].exe => Moved successfully. "C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PFV0DOM\VOsrv[1].exe" => File/Directory not found. C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\BetweenLines[1].dll => Moved successfully. C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAOYJRA5\Setup[1].exe => Moved successfully. C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3F7B5UX\Update_Notifier[1].exe => Moved successfully. C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q46ZAFB6\JOSrv[1].exe => Moved successfully. "C:\Users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMFFRVSD\Setup[1].exe" => File/Directory not found. "C:\Users\Alessio\AppData\Local\Mozilla\Firefox\Profiles\yx9kfsx8.default-1418917023564\cache2\entries\72D30242E5365DEDF13376EBFC181995B1B41CEA" => File/Directory not found. "C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsd24D6.tmp" => File/Directory not found. "C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nsn66E4.tmp" => File/Directory not found. "C:\Users\Alessio\AppData\Local\Temp\ICReinstall_nss3B23.tmp" => File/Directory not found. 
"C:\Users\Alessio\AppData\Local\Temp\nsd24D6.tmp" => File/Directory not found. "C:\Users\Alessio\AppData\Local\Temp\nsn66E4.tmp" => File/Directory not found. "C:\Users\Alessio\AppData\Local\Temp\nss3B23.tmp" => File/Directory not found. C:\Users\Alessio\AppData\Roaming\ndcAIVJ5D7S.exe => Moved successfully. C:\Users\Alessio\AppData\Roaming\VnjnJP5w6eXE.bak => Moved successfully. C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\jnsi6057.tmp => Moved successfully. "C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsn7082.tmp" => File/Directory not found. C:\Users\Alessio\Desktop\Krimskram\WindowsSupportDll64.dll => Moved successfully. "C:\Users\Alessio\Downloads\adobe_flash_setup.exe" => File/Directory not found. C:\Users\Alessio\Downloads\MSI Afterburner - CHIP-Installer.exe => Moved successfully. C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe => Moved successfully. C:\Users\All Users\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe => Moved successfully. "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1]" => File/Directory not found. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0GWJC8C\update[1] => Moved successfully. C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk => Moved successfully. C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc}\SuperOptimizerInstaller.exe not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully. HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Key not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. xebejehi => Service stopped successfully. xebejehi => Service deleted successfully. 
zizudobe => Service stopped successfully. zizudobe => Service deleted successfully. C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D => Moved successfully. X6va011 => Service deleted successfully. X6va012 => Service deleted successfully. X6va013 => Service deleted successfully. X6va015 => Service deleted successfully. X6va016 => Service deleted successfully. ========= RemoveProxy: ========= "HKU\S-1-5-21-4026364676-241273927-3108656300-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. HKU\S-1-5-21-4026364676-241273927-3108656300-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\S-1-5-21-4026364676-241273927-3108656300-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. ========= End of RemoveProxy: ========= EmptyTemp: => Removed 437.8 MB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-15 11:04:26)<= C:\ProgramData\{96cad7ef-3892-e14f-96ca-ad7ef3895fbc} => Is moved successfully. ==== End of Fixlog 11:04:26 ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Alessio (administrator) on ALESSIO-PC on 15-03-2015 11:08:28 Running from C:\Users\Alessio\Desktop Loaded Profiles: Alessio (Available profiles: Alessio) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\System32\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Users\Alessio\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Akamai Technologies, Inc.) C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Creative Technology Ltd.) 
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC) HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.) 
HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-05-11] (NEXON Inc.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Alessio\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4026364676-241273927-3108656300-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4026364676-241273927-3108656300-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-17] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-17] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.) 
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\runh81t3.default-1426413471539 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-14] (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files 
(x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin HKU\S-1-5-21-4026364676-241273927-3108656300-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alessio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpi FF HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\vxvj29up.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Docs) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (Google Voice Search Hotword (Beta)) - 
C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814976 2015-02-06] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-12-07] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-15] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4722728 2013-03-14] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()
S2 pumygydy; C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [X]
S2 wocyfyho; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsiD52B.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
S1 aclrtvfz; \??\C:\Windows\system32\drivers\aclrtvfz.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dfxdnxpi; \??\C:\Windows\system32\drivers\dfxdnxpi.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 11:08 - 2015-03-15 11:09 - 00019453 _____ () C:\Users\Alessio\Desktop\FRST.txt 2015-03-15 11:06 - 2015-03-15 11:06 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-15 11:06 - 2015-03-15 11:06 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-15 11:06 - 2015-03-15 11:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-15 10:53 - 2015-03-15 11:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-14 17:44 - 2015-03-14 17:44 - 00243528 _____ () C:\Users\Alessio\Downloads\Firefox Setup Stub 36.0.1.exe 2015-03-14 17:23 - 2015-03-14 17:23 - 02171392 _____ () C:\Users\Alessio\Desktop\adwcleaner_4.112.exe 2015-03-14 13:58 - 2015-03-14 14:15 - 00062916 _____ () C:\Users\Alessio\Desktop\FRST3.txt 2015-03-14 13:58 - 2015-03-14 13:58 - 00000000 _____ () C:\Users\Alessio\Desktop\Addition3.txt 2015-03-14 13:56 - 2015-03-14 13:58 - 00000910 _____ () C:\Users\Alessio\Desktop\checkup.txt.txt 2015-03-14 13:55 - 2015-03-14 13:56 - 00852604 _____ () C:\Users\Alessio\Desktop\SecurityCheck.exe 2015-03-14 13:54 - 2015-03-14 13:54 - 00016664 _____ () C:\Users\Alessio\Desktop\ESET.txt.txt 2015-03-14 11:38 - 2015-03-14 11:38 - 02347384 _____ (ESET) C:\Users\Alessio\Downloads\esetsmartinstaller_deu.exe 2015-03-13 18:39 - 2015-03-13 18:39 - 00066928 _____ () C:\Users\Alessio\Desktop\FRST2.txt 2015-03-13 18:39 - 2015-03-13 18:39 - 00029439 _____ () C:\Users\Alessio\Desktop\Addition2.txt 2015-03-13 18:36 - 2015-03-13 18:36 - 00001725 _____ () C:\Users\Alessio\Desktop\JRT.txt.txt 2015-03-13 18:33 - 2015-03-13 18:33 - 01388333 _____ (Thisisu) C:\Users\Alessio\Desktop\JRT.exe 2015-03-13 18:25 - 2015-03-13 18:31 - 00002505 _____ () C:\Users\Alessio\Desktop\AdwCleaner.txt.txt 2015-03-13 18:24 - 2015-03-13 18:24 - 02171392 _____ () C:\Users\Alessio\Downloads\AdwCleaner_4.112(6).exe 2015-03-13 18:16 - 2015-03-13 18:16 - 00012277 _____ () 
C:\Users\Alessio\Desktop\mbam.txt.txt 2015-03-13 18:05 - 2015-03-14 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-13 18:04 - 2015-03-13 18:04 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-13 18:04 - 2015-03-13 18:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-13 18:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-13 18:04 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-13 18:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-13 18:03 - 2015-03-13 18:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Alessio\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-13 12:44 - 2015-03-13 12:44 - 00029781 _____ () C:\ComboFix.txt 2015-03-13 12:28 - 2015-03-13 12:44 - 00000000 ____D () C:\Qoobox 2015-03-13 12:28 - 2015-03-13 12:43 - 00000000 ____D () C:\Windows\erdnt 2015-03-13 12:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-13 12:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-13 12:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-13 12:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-13 12:26 - 2015-03-13 12:27 - 05613296 ____R 
(Swearware) C:\Users\Alessio\Desktop\ComboFix.exe 2015-03-13 12:22 - 2015-03-13 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Alessio\Downloads\revosetup95.exe 2015-03-13 12:22 - 2015-03-13 12:22 - 00001264 _____ () C:\Users\Alessio\Desktop\Revo Uninstaller.lnk 2015-03-13 12:22 - 2015-03-13 12:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-12 13:46 - 2015-03-12 13:46 - 00038976 _____ () C:\Users\Alessio\Desktop\Addition1.txt 2015-03-12 13:45 - 2015-03-12 13:46 - 00068301 _____ () C:\Users\Alessio\Desktop\FRST1.txt 2015-03-12 13:44 - 2015-03-15 11:08 - 00000000 ____D () C:\FRST 2015-03-12 13:44 - 2015-03-12 13:44 - 02095616 _____ (Farbar) C:\Users\Alessio\Desktop\FRST64.exe 2015-03-12 12:00 - 2015-03-09 11:32 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-03-12 12:00 - 2015-03-09 11:32 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-03-11 10:30 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 10:30 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 10:30 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 10:30 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 10:30 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 10:30 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\atmfd.dll 2015-03-11 10:30 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 10:30 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 10:30 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 10:30 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 10:30 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 10:30 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 10:30 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 10:30 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 
2015-03-11 10:30 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 10:30 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 10:30 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 10:30 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 10:30 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 10:30 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 10:30 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 10:30 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 10:30 - 2015-02-03 04:12 
- 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 10:30 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 10:30 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 10:30 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 10:30 - 2015-01-17 03:30 - 00828928 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 10:30 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 10:30 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 10:30 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-11 10:29 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 10:29 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 10:29 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 10:29 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 10:29 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 10:29 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) 
C:\Windows\system32\lsass.exe 2015-03-11 10:29 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 10:29 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 10:29 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 10:29 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 10:29 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 10:29 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 10:29 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 10:29 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 10:29 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 
10:29 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 10:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 10:29 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 10:29 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 10:29 - 
2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 10:29 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 10:29 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 10:29 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 10:29 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 10:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 10:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 10:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 10:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 10:29 - 2015-02-03 04:09 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 10:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 10:29 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 10:29 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 10:29 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 10:29 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 10:28 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 10:28 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 10:28 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 10:28 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 10:28 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 10:28 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 10:28 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 10:28 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 10:28 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 10:28 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 10:28 - 2015-02-20 03:50 - 00066560 _____ 
(Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 10:28 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 10:28 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 10:28 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 10:28 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 10:28 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 10:28 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 10:28 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 10:28 - 2015-02-20 
03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 10:28 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 10:28 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 10:28 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 10:28 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 10:28 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 10:28 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 10:28 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 10:28 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 10:28 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 10:28 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 10:28 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 10:28 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 10:28 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 10:28 - 2015-02-20 
02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 10:28 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 10:28 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 10:28 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 10:28 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 10:28 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 10:28 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 10:28 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 10:28 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 10:28 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 10:28 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 10:26 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 10:26 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 10:09 - 2015-03-15 11:01 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D 2015-03-11 10:08 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068533-11DD-896D-3085A9AF655D 2015-03-11 10:06 - 2015-03-11 10:06 - 00000000 ____D () C:\Users\Alessio\AppData\Local\F1F1D280-1426068395-11DD-896D-3085A9AF655D 2015-03-11 10:04 - 2015-03-13 18:18 - 00000000 ____D () C:\Users\Alessio\AppData\Local\winengine 2015-03-11 10:04 - 2015-03-13 18:17 - 00000000 ____D () C:\ProgramData\{7a382bfb-7e4f-0314-7a38-82bfb7e4afed} 
2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Bluestacks 2015-03-11 10:04 - 2015-03-11 10:04 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-03-08 11:51 - 2015-03-08 11:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf 2015-03-08 11:49 - 2007-01-19 18:24 - 00025312 ____R (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys 2015-03-08 11:47 - 2015-03-08 11:47 - 00000000 ____D () C:\Program Files (x86)\NETGEAR 2015-03-08 11:47 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys 2015-03-08 11:47 - 2011-04-19 17:52 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2015-03-08 11:47 - 2011-04-19 17:31 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2015-03-08 11:47 - 2010-06-09 13:11 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2015-03-08 11:47 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) 
C:\Windows\system32\Drivers\npf.sys 2015-03-08 11:46 - 2015-03-08 11:46 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\InstallShield 2015-03-04 21:59 - 2015-03-04 22:00 - 00000000 ____D () C:\Users\Alessio\Desktop\AoT 2015-02-26 11:37 - 2015-02-27 11:05 - 00000391 _____ () C:\Users\Alessio\Desktop\Miss.txt 2015-02-25 11:19 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 11:19 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-24 14:41 - 2015-02-24 14:41 - 01533584 _____ () C:\Users\Alessio\Downloads\battlelog-web-plugins_2.6.2_157(1).exe 2015-02-24 14:36 - 2015-03-05 14:42 - 00001194 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk 2015-02-24 14:36 - 2015-03-05 14:42 - 00001170 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-20 08:25 - 2015-02-20 08:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-02-19 11:11 - 2015-02-19 11:11 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Steam 2015-02-18 15:06 - 2015-02-18 15:06 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll 2015-02-18 15:06 - 2015-02-18 15:06 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2015-02-18 00:19 - 2015-02-18 09:41 - 00019627 _____ () C:\Users\Alessio\Desktop\ALN.odt 2015-02-17 23:12 - 2015-02-17 23:13 - 00000582 _____ () C:\Users\Alessio\Desktop\Jokes.txt 2015-02-17 23:10 - 2015-02-17 23:54 - 00000140 _____ () C:\Users\Alessio\Desktop\Quellen.txt 2015-02-17 17:26 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 
00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 17:26 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-17 17:26 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-15 12:14 - 2015-02-15 12:14 - 00000222 _____ () C:\Users\Alessio\Desktop\GunZ 2 The Second Duel.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-15 11:07 - 2012-12-30 04:03 - 01363549 _____ () C:\Windows\WindowsUpdate.log 2015-03-15 11:07 - 2012-12-29 22:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-15 11:05 - 2013-05-25 11:40 - 00000000 ____D () C:\ProgramData\Origin 2015-03-15 11:05 - 2012-12-29 23:16 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Skype 2015-03-15 11:04 - 2013-05-25 11:40 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-15 11:04 - 2013-02-08 23:46 - 00000000 ____D () C:\Users\Alessio\AppData\Local\LogMeIn Hamachi 2015-03-15 11:04 - 2012-12-30 12:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-15 11:03 - 2012-12-30 04:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-15 11:03 - 2012-12-29 22:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-15 11:03 - 2010-11-21 04:47 - 01355622 _____ () C:\Windows\PFRO.log 2015-03-15 11:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-15 11:03 - 2009-07-14 05:51 - 00295923 _____ () C:\Windows\setupact.log 2015-03-15 11:01 - 2013-10-22 19:07 - 00000000 ____D () C:\Users\Alessio\Desktop\Krimskram 2015-03-15 10:57 - 2014-12-18 16:37 - 00000000 ____D () C:\Users\Alessio\Desktop\Alte Firefox-Daten 2015-03-15 10:54 - 2013-02-25 18:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-15 10:53 - 2009-07-14 05:45 - 00029120 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-15 10:53 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-14 17:37 - 2014-09-14 21:49 - 00000000 ____D () C:\AdwCleaner 2015-03-14 17:37 - 2012-12-30 04:11 - 00000000 ____D () C:\ProgramData\Norton 2015-03-13 18:34 - 2013-01-06 14:31 - 00000000 ____D () C:\Users\Alessio\AppData\Local\CrashDumps 2015-03-13 18:17 - 2013-03-26 22:13 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\gFtOF 2015-03-13 18:17 - 2013-03-26 19:49 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\Uisbb 2015-03-13 18:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2015-03-13 12:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-03-13 12:38 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-13 12:35 - 2009-07-14 03:34 - 67633152 _____ () C:\Windows\system32\config\software.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\system.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-03-13 12:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-03-12 21:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 12:39 - 2013-03-16 10:54 - 00000000 ____D () C:\Fraps 2015-03-12 12:00 - 2015-01-08 14:15 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Adobe 2015-03-11 17:57 - 2013-06-25 16:00 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Warframe 2015-03-11 11:44 - 2012-12-29 22:40 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Google 2015-03-11 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 11:34 - 2009-07-14 05:45 - 00346416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 
11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 11:04 - 2013-08-15 22:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 10:57 - 2013-06-27 00:24 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 10:15 - 2012-12-30 04:07 - 00000999 _____ () C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-08 11:54 - 2011-04-12 08:43 - 01283404 _____ () C:\Windows\system32\perfh007.dat 2015-03-08 11:54 - 2011-04-12 08:43 - 00331438 _____ () C:\Windows\system32\perfc007.dat 2015-03-08 11:54 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-08 11:47 - 2012-12-30 04:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-06 14:55 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-05 22:35 - 2013-01-25 22:54 - 00000000 ____D () C:\Users\Alessio\AppData\Roaming\TS3Client 2015-03-05 20:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-05 14:48 - 2013-02-20 21:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-24 14:41 - 2013-05-27 20:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-23 09:48 - 2012-12-29 23:15 - 00000000 ____D () C:\ProgramData\Skype 2015-02-18 15:28 - 2014-11-20 18:02 - 00000000 ____D () C:\Users\Alessio\AppData\Local\Dxtory Software 2015-02-18 15:07 - 2014-10-13 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-02-18 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 
2015-02-17 18:04 - 2013-12-04 20:04 - 00000000 ____D () C:\Users\Alessio\AppData\Local\ArmA 2 OA 2015-02-16 16:20 - 2013-02-08 23:47 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-02-16 10:45 - 2015-01-25 19:24 - 00000000 ____D () C:\Program Files (x86)\Glyph ==================== Files in the root of some directories ======= 2013-05-31 19:27 - 2013-08-27 13:18 - 0036864 _____ () C:\Users\Alessio\AppData\Roaming\RZR_0060f45e48b3b0e8dcec4d8da47b.db 2013-03-26 23:10 - 2013-03-26 23:10 - 0004743 _____ () C:\Users\Alessio\AppData\Roaming\ss.png 2013-09-22 20:14 - 2014-09-07 17:46 - 0000177 _____ () C:\Users\Alessio\AppData\Roaming\WB.CFG 2013-12-02 19:36 - 2014-04-11 15:36 - 0012800 _____ () C:\Users\Alessio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-01 14:44 - 2014-11-01 14:44 - 0002227 _____ () C:\Users\Alessio\AppData\Local\recently-used.xbel 2013-05-14 13:07 - 2013-05-14 13:07 - 0024128 _____ () C:\Users\Alessio\AppData\Local\Temp1.jpg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-06 15:16
==================== End Of Log ============================
This time an Addition is included again.
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Alessio at 2015-03-15 11:09:24 Running from C:\Users\Alessio\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4Story DE 4.1.176 (HKLM-x32\...\4Story_DE_is1) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - ) aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Awesomenauts 
(HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version: - Browser Updater) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.11 - Cliqz.com) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DayZ Commander (HKLM-x32\...\{D4BA1D6D-DACD-4411-9DEC-6BEE3793277E}) (Version: 0.92.95 - Dotjosh Studios) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free FLV Converter V 7.6.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.) GDMO (HKLM-x32\...\DMO) (Version: - ) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) 
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment) GunZ2 (HKLM-x32\...\GunZ2) (Version: - ) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.6.1311.20) (Version: 3.6.1311.20 - Solveig Multimedia) Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) 
Hidden Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 
(HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 
3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{9fe8a752-f74c-45c7-a712-1398de096d70}) (Version: latest - ppy Pty Ltd) PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) PlanetSide 2 (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) S4 League (HKLM-x32\...\S4 League) (Version: - ) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Shutdown Timer (HKLM-x32\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version: - Christian Handorf) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2477.0 - Hi-Rez Studios) Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited) Spider-Man 3 (TM) (HKLM-x32\...\InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}) (Version: 1.00.0000 - Activision) Spider-Man 3(TM) (x32 Version: 1.00.0000 - Activision) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games) TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.) 
Unity Web Player (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VideoPad Videobearbeitungs-Software (HKLM-x32\...\VideoPad) (Version: - NCH Software) Vindictus EU (HKLM-x32\...\Vindictus EU) (Version: - ) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) winengine (HKU\S-1-5-21-4026364676-241273927-3108656300-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 08-03-2015 11:46:26 Installiert NETGEAR WNDA3100v2 wireless USB 2.0 driver 08-03-2015 11:49:31 Gerätetreiber-Paketinstallation: NETGEAR Inc. Netzwerkprotokoll 09-03-2015 12:12:55 Windows Update 11-03-2015 10:55:42 Windows Update 12-03-2015 11:59:07 LavasoftWeCompanion 12-03-2015 12:02:54 LavasoftWeCompanion 13-03-2015 12:24:05 Revo Uninstaller's restore point - Speed Test Analysis 14-03-2015 14:13:47 Windows Update 15-03-2015 10:59:14 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2015-03-13 12:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E2B83DC-C03A-45CB-AD4F-16ECBAAA06CA} - System32\Tasks\{FB710A8C-3F20-4037-BA9F-2279DB8C60CE} => C:\Users\Alessio\Desktop\Spiele\Cube World\Server.exe Task: {1D71DD0D-918A-411F-8C1F-C38D3F4B92A9} - System32\Tasks\{B712CEDA-CB66-487A-B1D0-16FCF3833331} => pcalua.exe -a C:\Users\Alessio\Downloads\pb35setup.exe -d C:\Users\Alessio\Downloads Task: {1ED6DB81-95D4-4B4A-93C3-3B61C2869614} - System32\Tasks\{3B21737A-2EEE-4B80-9791-0CA45E4EAF79} => pcalua.exe -a "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe InDesign CS2\instmsiw.exe" -d "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe InDesign CS2" Task: {247C1470-0DD9-41AA-A141-37540BCC668C} - System32\Tasks\{ECC14FBB-A210-44BF-8D17-90CFAE26A593} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar Task: {2EF31754-B9D1-40E1-80B1-903CE51B89E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) 
Task: {35596071-9BC2-41E5-B2B9-C49C82FFD345} - System32\Tasks\{960ABE80-50A4-4F97-828F-A3F8E9D4AF23} => pcalua.exe -a C:\Users\Alessio\Desktop\CS2_RetNon_Ger_2.exe -d C:\Users\Alessio\Desktop Task: {3FEDD910-5225-45A1-9ED3-6D2FC0133681} - System32\Tasks\{DDB1CD15-9B67-416D-B21D-5EBEDD2258B6} => C:\Users\Alessio\Desktop\Spiele\Leagues of Legends\Dateipad\lol.launcher.exe [2012-04-24] () Task: {43DC7FE8-7A84-4957-9976-FC78A4C5E65C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {4CBDEA00-DB3A-47F5-8938-A1DBB93E4E9F} - System32\Tasks\{F555DCF7-5330-4992-8D0E-44803962035A} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=Angry Birds Space Bundle by SweetPacks" Task: {5116F59E-BFC1-4DEC-B583-AF8D98340A93} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION Task: {6ABE04FA-43E5-4FD2-9A16-F47C36BE603E} - System32\Tasks\{E76D057E-E5CC-451F-A489-35E0711C5B54} => pcalua.exe -a "C:\Users\Alessio\Desktop\Spiele\Cube World\CubeLauncher.exe" -d "C:\Users\Alessio\Desktop\Spiele\Cube World" Task: {6B5BF2CD-A7A4-43DB-BEBF-2B5C73F1B284} - System32\Tasks\{59712F7F-602B-4259-BC4A-F548DA1D39C8} => pcalua.exe -a C:\Users\Alessio\Downloads\S4_League.exe -d C:\Users\Alessio\Downloads Task: {798E7F0A-8A24-4746-B159-10A30453F181} - System32\Tasks\{A5848A69-81AF-4E23-94FE-FF5D088EF999} => pcalua.exe -a "C:\Users\Alessio\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {804B9EB3-6929-4223-B074-1C73241530F9} - System32\Tasks\{C4B7EC27-61A6-4F4A-AB88-42C1FC45D781} => pcalua.exe -a C:\Users\Alessio\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION Task: {809E5053-971E-4266-A206-18A382E1A764} - \Windows Update Check - 0x05B00174 No Task File <==== ATTENTION Task: 
{A2355A77-DABF-4F47-8816-514349A52D56} - System32\Tasks\{AB2A9000-5877-4F39-ABD8-165203A76308} => C:\Program Files (x86)\S4League\patcher_s4.exe Task: {ACAE00EF-7BE7-4867-8B68-EF3912A49A8A} - System32\Tasks\{9425F20D-C1BE-4D99-BCBD-82AD7F4A72C7} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {B14A17CA-B4E5-47BB-8CEE-284D553D2AA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) Task: {C355A1C9-D143-4253-A2F6-125B60A794A0} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Alessio\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe Task: {C8779DCA-8234-45DC-B195-770DCFC0E0E2} - System32\Tasks\{43ED0757-E288-4FDA-9F7B-48A48A47A945} => pcalua.exe -a "C:\Users\Alessio\Downloads\[Mutli] Installer v1.0\Multi[Installer] v1.0.exe" -d "C:\Users\Alessio\Downloads\[Mutli] Installer v1.0" Task: {DAFB7EC2-4535-447E-B6F1-CE356597BB61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-12-30 04:26 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-07-14 12:08 - 2014-07-14 12:08 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-05-11 18:40 - 2013-05-11 18:40 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe 
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2013-03-25 13:23 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 10:06 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-22 13:52 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 18:32 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2012-12-30 12:10 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-10-21 21:55 - 2014-03-24 09:37 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2014-10-21 21:55 - 2014-03-24 09:33 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2012-12-30 12:10 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4026364676-241273927-3108656300-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LEVxCIdNFBMA.lnk => C:\Windows\pss\LEVxCIdNFBMA.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lkYsOYc1bJT0.lnk => C:\Windows\pss\lkYsOYc1bJT0.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alessio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VnjnJP5w6eXE.lnk => C:\Windows\pss\VnjnJP5w6eXE.lnk.Startup ==================== Accounts: ============================= Administrator (S-1-5-21-4026364676-241273927-3108656300-500 - Administrator - Disabled) Alessio (S-1-5-21-4026364676-241273927-3108656300-1000 - Administrator - Enabled) => C:\Users\Alessio Gast (S-1-5-21-4026364676-241273927-3108656300-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4026364676-241273927-3108656300-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Ethernet-Controller Description: Ethernet-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/15/2015 11:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/15/2015 10:46:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2015 05:44:37 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/14/2015 05:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2015 02:13:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/14/2015 02:13:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/14/2015 02:13:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: Das System kann die angegebene Datei nicht finden. . 
Error: (03/14/2015 02:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2015 01:56:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/14/2015 01:53:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (03/15/2015 11:03:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Alt Port" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/15/2015 11:03:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Border Width" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/14/2015 02:11:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/14/2015 02:11:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/14/2015 02:10:36 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%839 Error: (03/14/2015 02:06:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (03/14/2015 02:06:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Norton PC Checkup Application Launcher" wurde nicht richtig gestartet. 
Error: (03/14/2015 02:05:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (03/14/2015 02:04:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (03/14/2015 02:06:40 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%838 Microsoft Office Sessions: ========================= Error: (03/15/2015 11:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/15/2015 10:46:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2015 05:44:37 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alessio\Downloads\esetsmartinstaller_deu.exe Error: (03/14/2015 05:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2015 02:13:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: 
Unable to back up image of binary Symantec Network Security WFP Driver. System Error: Das System kann die angegebene Datei nicht finden. Error: (03/14/2015 02:13:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: Das System kann die angegebene Datei nicht finden. Error: (03/14/2015 02:13:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: Das System kann die angegebene Datei nicht finden. Error: (03/14/2015 02:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2015 01:56:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alessio\Downloads\esetsmartinstaller_deu.exe Error: (03/14/2015 01:53:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe CodeIntegrity Errors: =================================== Date: 2015-03-13 12:34:35.200 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-13 12:34:35.171 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz Percentage of memory in use: 34% Total physical RAM: 8144.44 MB Available physical RAM: 5321.48 MB Total Pagefile: 16287.06 MB Available Pagefile: 13640.88 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:965.14 GB) NTFS Drive d: (WNDA3100v2) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1A2000CD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
15.03.2015, 14:04 | #12 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens tabs with advertising on its own. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
Task: {5116F59E-BFC1-4DEC-B583-AF8D98340A93} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION
C:\Program Files (x86)\Protected Search
Task: {804B9EB3-6929-4223-B074-1C73241530F9} - System32\Tasks\{C4B7EC27-61A6-4F4A-AB88-42C1FC45D781} => pcalua.exe -a C:\Users\Alessio\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION
C:\Users\Alessio\AppData\Roaming\webssearches
Task: {809E5053-971E-4266-A206-18A382E1A764} - \Windows Update Check - 0x05B00174 No Task File <==== ATTENTION
S2 pumygydy; C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [X]
S2 wocyfyho; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsiD52B.tmp [X]
C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order matters here.) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left now, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at its latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in old versions of these are exploited to install malware by "drive-by" when you merely visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally quite sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner .
Finally, a few general remarks: Change your important online passwords regularly, and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
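The Task and service lines in the fixlist of post #12 can be triaged by script before anything is removed. The following Python code is an added example, not part of the original thread or of FRST: it parses those FRST-style lines (copied from the post above) and lists why each one stands out. The function names and heuristics are assumptions chosen for illustration, and `[X]` is read as "file not found", as in FRST's usual log notation.

```python
import re

# Sample input: Task and service lines copied from the fixlist in post #12.
SAMPLE = r"""Task: {5116F59E-BFC1-4DEC-B583-AF8D98340A93} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION
Task: {804B9EB3-6929-4223-B074-1C73241530F9} - System32\Tasks\{C4B7EC27-61A6-4F4A-AB88-42C1FC45D781} => pcalua.exe -a C:\Users\Alessio\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION
Task: {809E5053-971E-4266-A206-18A382E1A764} - \Windows Update Check - 0x05B00174 No Task File <==== ATTENTION
S2 pumygydy; C:\Users\Alessio\AppData\Local\F1F1D280-1426068548-11DD-896D-3085A9AF655D\snse5330.tmp [X]
S2 wocyfyho; C:\Users\Alessio\AppData\Roaming\F1F1D280-1426064734-11DD-896D-3085A9AF655D\nsiD52B.tmp [X]
"""

# "Task: {GUID} - <task path> [=> <command>] [<==== ATTENTION]"
TASK = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.*?)(?: => (.*?))?(?: <==== ATTENTION)?$")
# "<state><start type> <service name>; <image path> [[X]]"
SERVICE = re.compile(r"^([RSU]\d) (\S+); (.*?)( \[X\])?$")


def reasons_for(target):
    """Heuristics (assumptions of this example) on the command a task or service runs."""
    low = target.lower()
    out = []
    if "\\appdata\\" in low:
        out.append("runs from a user-writable AppData path")
    if re.search(r"\.tmp(\s|$)", low):
        out.append("executable image has a .tmp extension")
    if low.startswith("pcalua.exe"):
        out.append("launched indirectly through pcalua.exe")
    return out


def triage(log_text):
    """Return one finding per Task/service line that has at least one reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = TASK.match(line)
        if m:
            kind, name, target = "task", m.group(2), m.group(3) or ""
            if "No Task File" in name:
                reasons.append("registry entry without a task file")
        else:
            m = SERVICE.match(line)
            if not m:
                continue  # folder paths, directives such as "Emptytemp:", headers
            kind, name, target = "service", m.group(2), m.group(3)
            if m.group(4):
                reasons.append("service binary missing on disk ([X])")
        if line.endswith("<==== ATTENTION"):
            reasons.append("flagged by FRST")
        reasons += reasons_for(target)
        if reasons:
            findings.append({"kind": kind, "name": name, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['kind']:8}{f['name']}\n    " + "; ".join(f["reasons"]))
```
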
15.03.2015, 16:24 | #13 |
| Windows 7: Firefox opens tabs with advertising on its own. ... |
15.03.2015, 20:15 | #14 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens tabs with advertising on its own. ???
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.03.2015, 22:21 | #15 |
| Windows 7: Firefox opens tabs with advertising on its own. Uh, sorry, I had written the thank-you again because the thread had slipped onto the 2nd page and I thought I hadn't posted it yet, my mistake. You can mark this as resolved then; I also did the DelFix step. Thanks again. |