Ominöse .js-Datei im E-Mail-Anhang. Leider schon geöffnet, was ist das?

schrauber · 10.04.2015, 18:49

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Verses · 12.04.2015, 14:32

ESET Logfile:

Code:

ATTFilter

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir	Variante von Win64/Systweak.A evtl. unerwünschte Anwendung
C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe	Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung
C:\Users\All Users\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe	Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung
D:\temp\Label_000817939.doc.js	JS/TrojanDownloader.Nemucod.AF Trojaner
D:\temp\Label_000817939.zip	JS/TrojanDownloader.Nemucod.AF Trojaner

SecurityCheck Logfile:

Code:

ATTFilter

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Panda Internet Security 2015   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 45  
 Java 7 Update 55  
 Java(TM) SE Development Kit 6 Update 45 
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox (37.0.1) 
 Mozilla Thunderbird (31.6.0) 
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Verses (administrator) on NOTEBOOK-Verses on 12-04-2015 15:29:39
Running from D:\Software\Farbar Recovery Scan Tool
Loaded Profiles: Verses (Available profiles: Verses & openpgsvc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Acronis) C:\Program Files (x86)\Common Files\Seagate\CDP\afcdpsrv.exe
() C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apache Software Foundation) C:\Program Files\Apache Foundation\Apache2.4\bin\ApacheMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Sonix) C:\Program Files (x86)\Common Files\SNP2UVC\vsnp2uvc.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cox\PowerDVDCox10.exe
() C:\Program Files (x86)\bfgclient\bfgclient.exe
() C:\Program Files (x86)\bfgclient\bfgclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-30] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [801408 2012-03-30] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395744 2012-10-31] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-07-15] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-06-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-21] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2014-01-30] (ASUS)
HKLM-x32\...\Run: [BlackArmorBackupMonitor.exe] => C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe [5584616 2012-10-31] ()
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [snp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [tsnp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [331064 2013-07-30] (Sonix Technology Co., Ltd.)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe [132096 2009-12-02] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-01-15] (cyberlink)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe [771584 2013-11-25] (Oracle Corporation)
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\...\Run: [NetBalancer] => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [1803112 2015-04-06] (SeriousBit)
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2611808 2014-03-16] ()
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2889408 2015-04-09] (Valve Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Apache Monitor.lnk
ShortcutTarget: Apache Monitor.lnk -> C:\Program Files\Apache Foundation\Apache2.4\bin\ApacheMonitor.exe (Apache Software Foundation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2629921762-3918403595-844649534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2629921762-3918403595-844649534-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-27] (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-03-30] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2629921762-3918403595-844649534-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-gm.fh-koeln.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\..\Interfaces\{595C5572-E3A1-4257-9E0A-25E6708F169A}: [NameServer] 192.168.0.250

FireFox:
========
FF ProfilePath: D:\Verses\Firefox\Versesneu.profile
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2629921762-3918403595-844649534-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Verses\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2629921762-3918403595-844649534-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF user.js: detected! => D:\Mozilla\Firefox\Verses (alt)\user.js [2013-10-30]
FF SearchPlugin: D:\Verses\Firefox\Verses.profile\searchplugins\trovi-search.xml [2014-07-29]
FF SearchPlugin: D:\Mozilla\Firefox\Verses (alt)\searchplugins\babylon.xml [2013-06-28]
FF Extension: Flash Video Downloader - YouTube Full HD Download - D:\Verses\Firefox\Verses.profile\Extensions\artur.dubovoy@gmail.com [2014-08-01]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - D:\Verses\Firefox\Verses.profile\Extensions\pavel.sherbakov@gmail.com [2014-08-21]
FF Extension: TooManyTabs - D:\Verses\Firefox\Verses.profile\Extensions\TooManyTabs@visibotech.com [2014-05-10]
FF Extension: iMacros for Firefox - D:\Verses\Firefox\Verses.profile\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-25]
FF Extension: WOT - D:\Verses\Firefox\Verses.profile\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-01]
FF Extension: Firebug - D:\Verses\Firefox\Verses.profile\Extensions\firebug@software.joehewitt.com.xpi [2014-02-01]
FF Extension: NoScript - D:\Verses\Firefox\Verses.profile\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-01]
FF Extension: FireFTP - D:\Verses\Firefox\Verses.profile\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-02-07]
FF Extension: Web Developer - D:\Verses\Firefox\Verses.profile\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-04-01]
FF Extension: Adblock Plus - D:\Verses\Firefox\Verses.profile\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-01]
FF Extension: DownThemAll! - D:\Verses\Firefox\Verses.profile\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-01]
FF Extension: Greasemonkey - D:\Verses\Firefox\Verses.profile\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-01]
FF Extension: TelevisionFanatic - D:\Mozilla\Firefox\Verses (alt)\Extensions\64ffxtbr@TelevisionFanatic.com [2014-01-31]
FF Extension: Roomy Bookmarks Toolbar - D:\Mozilla\Firefox\Verses (alt)\Extensions\ALone-live@ya.ru [2014-01-31]
FF Extension: DownloadHelper - D:\Mozilla\Firefox\Verses (alt)\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-31]
FF Extension: Session Manager - D:\Mozilla\Firefox\Verses (alt)\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-01-31]
FF Extension: FireFTP - D:\Mozilla\Firefox\Verses (alt)\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-01-31]
FF Extension: Web Developer - D:\Mozilla\Firefox\Verses (alt)\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-01-31]
FF Extension: Adblock Plus - D:\Mozilla\Firefox\Verses (alt)\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF Extension: FireFTP - D:\Verses\Firefox\Versesneu.profile\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-03-22]
FF Extension: Flash and Video Download - D:\Verses\Firefox\Versesneu.profile\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-03-31]
FF Extension: Download Status Bar - D:\Verses\Firefox\Versesneu.profile\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-10-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-04-04]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-04-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-08-26]
FF HKU\S-1-5-21-2629921762-3918403595-844649534-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2015-03-21]

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Search) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Google Wallet) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Citavi Picker) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-09-16]
CHR Extension: (Gmail) - C:\Users\Verses\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apache2.4; C:\Program Files\Apache Foundation\Apache2.4\bin\httpd.exe [24576 2013-11-21] (Apache Software Foundation) [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-30] (Atheros Commnucations) [File not signed]
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-01-15] (CyberLink)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 EyelineService; C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe [1639504 2014-09-05] (NCH Software)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2015-02-14] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [573736 2015-02-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14297 2014-02-22] () [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [129896 2015-04-06] (SeriousBit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 openerp-server-7.0; C:\Program Files (x86)\OpenERP\Server\service\OpenERPServerService.exe [24064 2014-02-11] () [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S3 PostgreSQL_For_OpenERP; C:\Program Files (x86)\OpenERP\PostgreSQL\bin\pg_ctl.exe [79872 2012-12-04] (PostgreSQL Global Development Group) [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2014-08-16] (Microsoft Corporation) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\RpcAgentSrv.exe [72344 2008-01-29] (SiSoftware) [File not signed]
R2 sfcdpsrv; C:\Program Files (x86)\Common Files\Seagate\CDP\afcdpsrv.exe [3246040 2014-01-30] (Acronis)
R2 SgtSch2Svc; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [1114688 2012-10-31] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [246272 2009-12-02] () [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-12] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-12] (Windows (R) Win 7 DDK provider)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [121616 2014-03-13] (BlueStack Systems)
S3 CXPLRCAP; C:\Windows\System32\drivers\elvidcap.sys [150896 2012-08-20] (Elgato Systems GmbH)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-02-17] (REALiX(tm))
S3 jlink; C:\Windows\System32\DRIVERS\jlinkx64.sys [32984 2012-04-11] (SEGGER Microcontroller Systeme GmbH)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [121032 2013-07-16] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-03-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3604480 2013-07-30] (Sonix Co. Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2015-01-16] (VMware, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 15:03 - 2015-04-12 15:03 - 00001928 _____ () C:\Users\Public\Desktop\Play Viking Saga.lnk
2015-04-12 15:03 - 2015-04-12 15:03 - 00001252 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2015-04-12 15:02 - 2015-04-12 15:03 - 00000000 ____D () C:\Program Files (x86)\Viking Saga
2015-04-12 15:02 - 2015-04-12 15:02 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viking Saga
2015-04-12 15:02 - 2015-04-12 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viking Saga
2015-04-12 14:56 - 2015-04-12 14:56 - 00000961 _____ () C:\Users\Public\Desktop\Games.lnk
2015-04-12 14:56 - 2015-04-12 14:56 - 00000231 _____ () C:\Users\Public\Desktop\More Great Games.url
2015-04-12 14:54 - 2015-04-12 14:54 - 00001929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-04-12 14:54 - 2015-04-12 14:54 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-04-12 14:54 - 2015-04-12 14:54 - 00000000 ____D () C:\ProgramData\Big Fish
2015-04-12 14:54 - 2015-04-12 14:54 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2015-04-12 14:52 - 2015-04-12 14:56 - 00000000 ____D () C:\BigFishCache
2015-04-12 14:52 - 2015-04-12 14:54 - 00000000 ____D () C:\Users\Verses\AppData\Local\Big Fish
2015-04-11 18:34 - 2015-04-11 18:34 - 00000000 ___RD () C:\Users\Verses\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-11 12:44 - 2015-04-11 12:44 - 00000990 _____ () C:\Users\Public\Desktop\MP4 To MP3 Converter.lnk
2015-04-11 12:44 - 2015-04-11 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter
2015-04-11 12:44 - 2015-04-11 12:44 - 00000000 ____D () C:\Program Files (x86)\MP4ToMP3Converter
2015-04-10 19:53 - 2015-04-10 19:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-10 11:45 - 2015-04-10 11:45 - 00002589 _____ () C:\Users\Verses\Desktop\JRT.txt
2015-04-10 11:41 - 2015-04-10 11:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NOTEBOOK-Verses-Windows-7-Home-Premium-(64-bit).dat
2015-04-10 11:41 - 2015-04-10 11:41 - 00000000 ____D () C:\RegBackup
2015-04-10 11:35 - 2015-04-10 11:37 - 00000000 ____D () C:\AdwCleaner
2015-04-10 11:33 - 2015-04-10 11:33 - 00002216 _____ () C:\mbam.txt
2015-04-10 11:21 - 2015-04-10 11:21 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-10 11:21 - 2015-04-10 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-10 11:21 - 2015-04-10 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-10 11:21 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-10 11:21 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-09 19:45 - 2015-04-09 19:45 - 00050194 _____ () C:\ComboFix.txt
2015-04-09 19:06 - 2015-04-09 19:45 - 00000000 ____D () C:\Qoobox
2015-04-09 19:06 - 2015-04-09 19:39 - 00000000 ____D () C:\Windows\erdnt
2015-04-09 19:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-09 19:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-09 19:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-09 19:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-09 19:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-09 19:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-09 19:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-09 19:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-09 10:51 - 2015-04-10 11:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 10:51 - 2015-04-10 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 10:51 - 2015-04-09 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 10:50 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-07 21:37 - 2015-04-07 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security 2015
2015-04-07 21:25 - 2015-04-07 21:25 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-07 21:09 - 2015-04-12 15:29 - 00000000 ____D () C:\FRST
2015-04-06 09:21 - 2015-04-06 09:21 - 00000930 _____ () C:\Users\Public\Desktop\NetBalancer Tray.lnk
2015-04-06 09:21 - 2015-04-06 09:21 - 00000920 _____ () C:\Users\Public\Desktop\NetBalancer.lnk
2015-04-06 09:21 - 2015-04-06 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBalancer
2015-04-04 16:29 - 2015-04-04 16:29 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:29 - 2015-04-04 16:29 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 10:09 - 2015-04-04 10:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 12:02 - 2015-04-03 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-03 09:14 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-28 19:32 - 2015-03-28 19:32 - 00000000 ____D () C:\Users\Verses\AppData\Local\TeamViewer
2015-03-28 19:30 - 2015-03-28 19:30 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-28 19:30 - 2015-03-28 19:30 - 00001033 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-28 19:30 - 2015-03-28 19:30 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-28 14:06 - 2015-03-28 14:06 - 00000000 ____D () C:\Windows\SysWOW64\Hotspot Shield
2015-03-25 10:18 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:18 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:18 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:18 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:18 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:18 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:18 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:18 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:05 - 2015-03-23 16:05 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\CADSoftTools
2015-03-23 15:52 - 2015-03-23 15:52 - 00002207 _____ () C:\Users\Public\Desktop\DWG TrueView 2016 - English.lnk
2015-03-23 15:52 - 2015-03-23 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-03-23 15:50 - 2015-03-23 15:52 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-03-23 15:50 - 2015-03-23 15:50 - 00000000 ____D () C:\Users\Verses\AppData\Local\Autodesk
2015-03-23 15:50 - 2015-03-23 15:50 - 00000000 ____D () C:\Program Files\Autodesk
2015-03-23 15:49 - 2015-03-23 15:52 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\Autodesk
2015-03-23 15:49 - 2015-03-23 15:51 - 00000000 ____D () C:\ProgramData\Autodesk
2015-03-23 15:48 - 2015-03-23 15:48 - 00001021 _____ () C:\Users\Public\Desktop\STP Viewer.lnk
2015-03-23 15:48 - 2015-03-23 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STPViewer
2015-03-23 15:48 - 2015-03-23 15:48 - 00000000 ____D () C:\Program Files (x86)\STPViewer
2015-03-23 15:48 - 2015-03-23 15:48 - 00000000 ____D () C:\Autodesk
2015-03-23 15:43 - 2015-03-23 15:43 - 00003158 _____ () C:\Windows\System32\Tasks\{EECED4D4-585D-47A6-9A16-91B89EDBF004}
2015-03-21 15:58 - 2015-03-21 15:58 - 00001534 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-03-21 15:58 - 2015-03-21 15:58 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-21 15:58 - 2015-03-21 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-21 15:57 - 2015-03-21 15:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-18 12:48 - 2015-03-18 12:48 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-03-18 12:48 - 2015-03-18 12:48 - 00000000 ____D () C:\Windows\system32\NV
2015-03-18 12:48 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 12:47 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 12:47 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 12:47 - 2015-03-13 21:41 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-03-18 12:47 - 2015-03-13 21:41 - 00032456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 15:25 - 2014-01-30 21:51 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-12 15:17 - 2014-02-03 01:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 15:03 - 2012-06-28 00:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 15:02 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-12 14:54 - 2014-01-30 21:53 - 00000000 ____D () C:\Users\Verses\AppData\Local\CrashDumps
2015-04-12 14:02 - 2014-01-30 21:49 - 01864796 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 10:17 - 2014-02-03 01:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 09:53 - 2014-01-30 13:17 - 00000000 ____D () C:\Users\Verses\AppData\Local\VirtualStore
2015-04-12 09:22 - 2014-12-09 23:55 - 00000000 ____D () C:\Users\Verses\AppData\Local\DisplayFusion
2015-04-11 22:31 - 2009-07-14 06:51 - 00200220 _____ () C:\Windows\setupact.log
2015-04-11 18:40 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 18:40 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 18:39 - 2011-02-19 06:24 - 00702856 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 18:39 - 2011-02-19 06:24 - 00151200 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 18:39 - 2009-07-14 07:13 - 01630500 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 18:34 - 2015-01-28 18:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-11 18:34 - 2014-09-29 13:13 - 00000000 ____D () C:\Users\Verses\.rainlendar2
2015-04-11 18:34 - 2014-01-30 13:18 - 00000380 _____ () C:\Users\Verses\AppData\Roaming\sp_data.sys
2015-04-11 18:33 - 2014-01-30 21:51 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-11 18:32 - 2014-02-08 12:32 - 00000000 ____D () C:\ProgramData\VMware
2015-04-11 18:32 - 2014-01-30 21:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 18:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 15:35 - 2014-06-19 17:46 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\avidemux
2015-04-10 19:31 - 2015-01-29 16:49 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\Tropico 5
2015-04-10 11:38 - 2012-06-27 23:32 - 00621904 _____ () C:\Windows\PFRO.log
2015-04-10 11:37 - 2014-01-30 13:16 - 00000000 ____D () C:\Users\Verses
2015-04-09 19:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-09 19:25 - 2009-07-14 04:34 - 20709376 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-09 19:25 - 2009-07-14 04:34 - 178520064 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-09 19:25 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-09 19:25 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-09 19:25 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-08 09:05 - 2014-01-30 13:16 - 00211600 _____ () C:\Users\Verses\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 09:03 - 2009-07-14 06:45 - 00703304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-06 09:21 - 2014-03-12 20:20 - 00000000 ____D () C:\Program Files\NetBalancer
2015-04-04 16:23 - 2014-01-30 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 19:19 - 2014-04-07 11:34 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-30 19:31 - 2014-01-30 18:28 - 00001379 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 05:44 - 2014-06-03 09:36 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2014-01-30 18:25 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-03 09:36 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2014-01-30 18:25 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-27 12:27 - 2014-01-30 23:12 - 00005724 _____ () C:\Users\Verses\sanct.log
2015-03-27 12:27 - 2014-01-30 23:08 - 00000000 ____D () C:\ProgramData\CodeGear
2015-03-26 09:57 - 2014-12-11 02:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 09:57 - 2014-05-01 01:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 09:43 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 15:50 - 2012-06-28 00:32 - 00330153 _____ () C:\Windows\DirectX.log
2015-03-23 08:53 - 2014-02-28 20:30 - 00000000 ____D () C:\Users\Verses\AppData\Local\Unity
2015-03-22 18:08 - 2014-08-18 16:43 - 00000000 ____D () C:\Users\Verses\AppData\Local\Adobe
2015-03-22 18:08 - 2012-06-28 00:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 18:08 - 2012-06-28 00:27 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 18:08 - 2012-06-28 00:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 18:00 - 2014-02-28 20:35 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\Unity
2015-03-21 16:03 - 2014-05-24 13:53 - 00000000 ____D () C:\Users\Verses\AppData\Roaming\DVDVideoSoft
2015-03-21 11:52 - 2014-02-20 19:35 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-18 12:48 - 2014-08-26 22:44 - 00000000 ____D () C:\Temp
2015-03-18 12:48 - 2014-01-30 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 12:48 - 2014-01-30 21:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-14 10:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2015-03-13 21:41 - 2014-01-30 21:54 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-13 21:41 - 2014-01-30 21:54 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 18:16 - 2014-01-30 21:54 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 18:16 - 2014-01-30 21:54 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16 - 2014-01-30 21:54 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16 - 2014-01-30 21:54 - 01099408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-03-13 18:16 - 2014-01-30 21:54 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16 - 2014-01-30 21:54 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 18:16 - 2014-01-30 21:54 - 00075976 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-03-13 18:16 - 2014-01-30 21:54 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories =======

2014-09-14 16:59 - 2014-09-14 22:14 - 0009004 _____ () C:\Users\Verses\AppData\Roaming\.freeciv-client-rc-2.4
2014-03-13 19:46 - 2014-03-13 19:46 - 0000341 _____ () C:\Users\Verses\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-04-26 11:54 - 2014-04-27 10:18 - 0000945 _____ () C:\Users\Verses\AppData\Roaming\FastReportFMX.config
2014-10-16 13:38 - 2014-10-16 13:38 - 0000000 _____ () C:\Users\Verses\AppData\Roaming\gdfw.log
2014-10-16 13:38 - 2014-10-16 16:23 - 0002337 _____ () C:\Users\Verses\AppData\Roaming\gdscan.log
2014-02-05 18:07 - 2014-02-07 01:55 - 0000347 _____ () C:\Users\Verses\AppData\Roaming\glade-3.conf
2014-02-17 17:38 - 2014-01-17 02:08 - 14041088 _____ () C:\Users\Verses\AppData\Roaming\Sandra.mdb
2014-01-30 13:18 - 2015-04-11 18:34 - 0000380 _____ () C:\Users\Verses\AppData\Roaming\sp_data.sys
2014-10-22 17:45 - 2014-10-22 17:45 - 0008372 _____ () C:\Users\Verses\AppData\Roaming\unins000.dat
2014-10-22 17:45 - 2014-10-22 17:45 - 0709568 _____ () C:\Users\Verses\AppData\Roaming\unins000.exe
2014-10-22 17:45 - 2014-10-22 17:45 - 0012782 _____ () C:\Users\Verses\AppData\Roaming\unins000.msg
2014-03-09 00:09 - 2014-11-05 19:13 - 0007168 _____ () C:\Users\Verses\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-31 13:03 - 2015-02-16 22:11 - 0000600 _____ () C:\Users\Verses\AppData\Local\PUTTY.RND
2015-02-25 16:33 - 2015-02-25 16:33 - 0017950 _____ () C:\Users\Verses\AppData\Local\recently-used.xbel
2014-02-09 23:09 - 2014-02-09 23:09 - 0000017 _____ () C:\Users\Verses\AppData\Local\resmon.resmoncfg
2014-08-09 11:27 - 2014-08-09 11:27 - 0025475 _____ () C:\Users\Verses\AppData\Local\xlrpt_82981457068.xls
2014-08-09 11:31 - 2014-08-09 11:31 - 0025475 _____ () C:\Users\Verses\AppData\Local\xlrpt_85013995558.xls
2014-08-09 11:37 - 2014-08-09 11:37 - 0025475 _____ () C:\Users\Verses\AppData\Local\xlrpt_88972055423.xls
2014-08-09 11:39 - 2014-08-09 11:39 - 0025475 _____ () C:\Users\Verses\AppData\Local\xlrpt_8983957335.xls
2014-08-09 11:39 - 2014-08-09 11:39 - 0025475 _____ () C:\Users\Verses\AppData\Local\xlrpt_90050951455.xls
2012-06-28 00:44 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2014-01-30 22:05 - 2014-01-30 22:07 - 0000110 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2014-01-30 22:07 - 2014-01-30 22:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-01-30 22:06 - 2014-01-30 22:07 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-01-30 22:02 - 2014-01-30 22:04 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2014-01-30 22:04 - 2014-01-30 22:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-01-30 22:01 - 2014-01-30 22:02 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some content of TEMP:
====================
C:\Users\Verses\AppData\Local\Temp\Quarantine.exe
C:\Users\Verses\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 09:44

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

schrauber · 13.04.2015, 07:37

Alle alten Java Versionen deinstallieren, aktuelle installieren.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

D:\temp\Label_000817939.doc.js
D:\temp\Label_000817939.zip
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Noch Probleme?

Ominöse .js-Datei im E-Mail-Anhang. Leider schon geöffnet, was ist das?

Plagegeister aller Art und deren Bekämpfung: Ominöse .js-Datei im E-Mail-Anhang. Leider schon geöffnet, was ist das?