| |
| |||||||
Log-Analyse und Auswertung: Windows 7: BoBrowser Rückstände entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.04.2015, 15:58
| #1 |
 |  Windows 7: BoBrowser Rückstände entfernen Guten Tag, heute Morgen (ab ca. 00:00 Uhr) habe ich "CoreTemp" (eine Software zum Überwachen der Kerntemperatur) installiert und dabei ist etwas mitinstalliert worden. Ich war der Meinung, ich hätte die Häkchen bei der Extrasoftware entfernt. Dem war leider nicht so. Somit hat sich ein sogenannter "BoBrowser" mitinstalliert. Dieser ließ sich anfangs nicht einfach so deinstallieren. Ich ließ MBAM laufen und es fand einige Einträge, die es in Quarantäne stellte und die ich anschließend entfernte. Avira sprang auch mehrere Male an und blockte Zugriffe auf die Registry. Nach einem automatischen Suchlauf von Avira und dem Entfernen der sich in Quarantäne befundenen Einträge in MBAM, konnte ich BoBrowser deinstallieren. Avira hat heute Mittag (16.04.2015) wieder einen Zugriff auf die Registry blockiert. Wenn ich einen neuen Tab in Firefox aufmachen möchte (keine neue Seite laden, einfach auf das "Plussymbol" klicke), kommt folgende Meldung (Die url sieht wie folgt aus: "chrome://quick_start/content/index.html"): "File not found Firefox can't find the file at chrome://quick_start/content/index.html. Check the file name for capitalisation or other typing errors. Check to see if the file was moved, renamed or deleted." Es befinden sich daher sicher noch Reste auf meinem Rechner, deswegen wollte ich um Eure Hilfe bitten. Außer den oben genannten Problemen, die seit heute durch Installation der Software auftraten, hatte ich in der Vergangenheit keine Probleme. Leider ist der MBAM Log von heute morgen für mich nicht auffindbar, deswegen habe ich heute Mittag einen neuen Suchlauf gestartet. Folgende Logs im Post: "defogger_disable.txt", "Addition.txt", "Gmer.txt", → Da Post sonst zu lang als .rar: "FRST.txt", "MBAM_16042015.txt" und "AVSCAN-20150416-145739-20741216" Ich entschuldige mich für Unannehmlichkeiten und bedanke mich im Voraus. Defoggger_disable.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:28 on 16/04/2015 (Windows7)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Windows7 at 2015-04-16 14:29:32
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.24.3 - Mirillis)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Fahrenheit: Indigo Prophecy Remastered (HKLM-x32\...\Steam App 312840) (Version: - Aspyr)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue VideoFX for Sony Vegas MSPPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oddworld: Abe's Exoddus (HKLM-x32\...\Steam App 15710) (Version: - Oddworld Inhabitants)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.01) (Version: 1.01 - Pesgalaxy)
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 4.00) (Version: 4.00 - Pesgalaxy)
Pesgalaxy.com Patch 2015 DLC Installer (HKLM-x32\...\Pesgalaxy.com Patch 2015 DLC Installer 4.00) (Version: 4.00 - Pesgalaxy)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Pro Evolution Soccer 2015 (HKLM-x32\...\Steam App 287680) (Version: - KONAMI Digital Entertainment)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Rocket League Alpha [Currently Closed] (HKLM-x32\...\Steam App 252950) (Version: - ) <==== ATTENTION!
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Urban Trial Freestyle (HKLM-x32\...\Steam App 243450) (Version: - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Windows7\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
29-03-2015 21:54:20 Installed Camtasia Studio 8
05-04-2015 00:51:47 Windows Update
12-04-2015 18:10:22 Geplanter Prüfpunkt
15-04-2015 17:55:24 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C3FCF68-7242-4D96-A12C-C53926DE2B6A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {1D8C2AF7-0830-43B1-A579-B242B8A4A4E3} - System32\Tasks\{FD1ACF09-7381-4C15-9968-DD8C350A2142} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {297700CA-E94D-4C96-AC21-739EDF88DB85} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {37BF58C2-1004-4D87-BDCF-25501A341814} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F5E5660-70CC-4544-8CC3-DC02B10F8208} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {640C9B73-B68E-4CD0-B6F5-D9F4BE8AAC03} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {680B3F20-6D1B-4BB4-B36E-1325625F7641} - System32\Tasks\Core Temp Autostart Windows7 => d:\Program Files\Core Temp\Core Temp.exe
Task: {6BF665B7-A047-411A-AF35-9D6888CBAB33} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {8CFAB49F-E174-48E0-809F-8C131053210C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A86D113B-2F3E-4E5E-ADF7-DBD739741887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {AB0378E4-CE9E-4795-8103-2039413053BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {AF6CA53F-CCE2-4A36-9B7A-D3F751D683CD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B44EC09B-E917-4AF4-8DB4-F4E33B219968} - System32\Tasks\{B8E52995-44C7-49C9-9B59-6DE8F06E2752} => pcalua.exe -a C:\Users\Windows7\Downloads\forge-1.7.10-10.13.1.1217-installer-win.exe -d C:\Users\Windows7\Downloads
Task: {B744EF2A-8A66-4244-9217-D761A9686455} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BCE26F42-4864-4CCC-A1B9-7BD8F69CA7F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CE529D47-63FC-4514-BC02-7F2128F75E66} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FB3171A3-2C02-47C1-A941-CE846290DD01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-17 19:48 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 18:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-02 16:43 - 2015-03-02 16:43 - 00099288 _____ () d:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-10 14:41 - 2015-03-30 03:28 - 00568392 _____ () D:\Program Files (x86)\puush\puush.exe
2014-11-21 17:57 - 2014-11-21 17:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-21 17:56 - 2014-11-21 17:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-20 20:32 - 2015-03-10 08:37 - 00775680 _____ () d:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 21:30 - 2014-12-02 02:29 - 05002752 _____ () d:\Program Files (x86)\Steam\v8.dll
2015-01-20 21:30 - 2014-12-02 02:29 - 01612800 _____ () d:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 21:30 - 2014-12-02 02:29 - 01210368 _____ () d:\Program Files (x86)\Steam\icuuc.dll
2014-09-20 20:32 - 2015-04-14 01:44 - 02371776 _____ () d:\Program Files (x86)\Steam\video.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 02396672 _____ () d:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00442880 _____ () d:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00479744 _____ () d:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00332800 _____ () d:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00485888 _____ () d:\Program Files (x86)\Steam\libswscale-3.dll
2014-09-20 20:32 - 2015-04-14 01:44 - 00702656 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-20 20:32 - 2015-02-25 03:58 - 34641288 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2014-09-20 20:32 - 2015-02-25 03:58 - 01709960 _____ () D:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3076697788-3242137600-3789678494-500 - Administrator - Disabled)
Gast (S-1-5-21-3076697788-3242137600-3789678494-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3076697788-3242137600-3789678494-1003 - Limited - Enabled)
Windows7 (S-1-5-21-3076697788-3242137600-3789678494-1001 - Administrator - Enabled) => C:\Users\Windows7
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/16/2015 02:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/09/2015 01:32:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xeeffee01
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/08/2015 03:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/07/2015 02:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xeeffee01
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/06/2015 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm audacity.exe, Version 2.0.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bf4
Startzeit: 01d070828983cfb2
Endzeit: 2
Anwendungspfad: D:\Program Files (x86)\Audacity\audacity.exe
Berichts-ID: fb770b45-dc75-11e4-8640-448a5b88d092
Error: (04/06/2015 02:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Exoddus.exe, Version: 2.0.0.0, Zeitstempel: 0x365b37bb
Name des fehlerhaften Moduls: Exoddus.exe, Version: 2.0.0.0, Zeitstempel: 0x365b37bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000745ff
ID des fehlerhaften Prozesses: 0xa50
Startzeit der fehlerhaften Anwendung: 0xExoddus.exe0
Pfad der fehlerhaften Anwendung: Exoddus.exe1
Pfad des fehlerhaften Moduls: Exoddus.exe2
Berichtskennung: Exoddus.exe3
Error: (04/06/2015 01:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x8ec
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/05/2015 03:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x950
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/04/2015 05:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/01/2015 02:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00042de8
ID des fehlerhaften Prozesses: 0x9b0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
System errors:
=============
Error: (04/16/2015 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/16/2015 00:37:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/15/2015 09:27:13 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/15/2015 04:12:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/15/2015 04:12:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (04/12/2015 02:46:40 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/10/2015 03:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/10/2015 03:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (04/10/2015 02:56:29 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/10/2015 02:26:44 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 80.
Microsoft Office Sessions:
=========================
Error: (04/16/2015 02:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353489c01d0783e6c585f53C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe620ba003-e432-11e4-86c9-448a5b88d092
Error: (04/09/2015 01:32:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0191c01d072b827e09a8dC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown14948961-deac-11e4-b480-448a5b88d092
Error: (04/08/2015 03:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353494001d071fc348a4c2aC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe34ef414c-ddf0-11e4-8955-448a5b88d092
Error: (04/07/2015 02:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0195801d0712ec0fdd930C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownaaed96cb-dd22-11e4-8e35-448a5b88d092
Error: (04/06/2015 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: audacity.exe2.0.6.0bf401d070828983cfb22D:\Program Files (x86)\Audacity\audacity.exefb770b45-dc75-11e4-8640-448a5b88d092
Error: (04/06/2015 02:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Exoddus.exe2.0.0.0365b37bbExoddus.exe2.0.0.0365b37bbc0000005000745ffa5001d0705c8001d85ad:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exed:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe6f6bc9ed-dc59-11e4-8640-448a5b88d092
Error: (04/06/2015 01:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005000000008ec01d0705a04ef30c4C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownf9f2814d-dc4d-11e4-8640-448a5b88d092
Error: (04/05/2015 03:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353495001d06f9fb060e7e3C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exebe19bb27-db93-11e4-85c6-448a5b88d092
Error: (04/04/2015 05:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050000000095c01d06e8554d438c9C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknowna243bfc4-dade-11e4-bbe8-448a5b88d092
Error: (04/01/2015 02:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000000500042de89b001d06c4da4e453f7C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe472bda85-d86e-11e4-85a5-448a5b88d092
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 24%
Total physical RAM: 8140.43 MB
Available physical RAM: 6129.72 MB
Total Pagefile: 16279.05 MB
Available Pagefile: 13737.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.87 GB) (Free:202.2 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:534.22 GB) NTFS
Drive e: (SS9-0E-UT1.2_DES) (CDROM) (Total:6.39 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:931.51 GB) (Free:676.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 89075DDC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C5DE631)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer.txt GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-16 14:39:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC45 931,51GB
Running: minxxoh8.exe; Driver: C:\Users\Windows7\AppData\Local\Temp\uwtyikob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7745b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7745b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 774d8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 77434885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 774d8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 774d89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 774d86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 774d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7744fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000754e1555 2 bytes JMP 774568bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 774d8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 774d8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 774d86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7744fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7745b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 774d8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 774d8651 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7745b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7745b31a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 774d8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 77434885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 774d8802 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 774d89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 774d86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 774d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7744fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754e1555 2 bytes JMP 774568bf C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 774d8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 774d8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 774d86bc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7744fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7745b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 774d8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 774d8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7745b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7745b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 774d8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 77434885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 774d8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 774d89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 774d86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 774d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7744fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754e1555 2 bytes JMP 774568bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 774d8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 774d8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 774d86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7744fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7745b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 774d8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 774d8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a3f9dc 5 bytes JMP 0000000166a2ea93
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077a3fa24 5 bytes JMP 0000000166a2f0f8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077a3fa3c 5 bytes JMP 0000000166a2d830
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077a3fa8c 5 bytes JMP 0000000166a2d38c
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a3faa4 5 bytes JMP 0000000166a2d67d
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077a3fb3c 5 bytes JMP 0000000166a2f338
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a3fc34 5 bytes JMP 0000000166a3a713
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077a3fd48 5 bytes JMP 0000000166a2d1d4
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a3fd60 5 bytes JMP 0000000166a39d35
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077a3fd94 5 bytes JMP 0000000166a3a030
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a3fe40 5 bytes JMP 0000000166a2e668
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a3fe58 5 bytes JMP 0000000166a39e5e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a400b0 5 bytes JMP 0000000166a39b7a
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a401c0 5 bytes JMP 0000000166a2d9d8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077a40750 5 bytes JMP 0000000166a2f3da
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077a409e0 5 bytes JMP 0000000166a39d72
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077a409f8 5 bytes JMP 0000000166a2cfa8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077a40a40 5 bytes JMP 0000000166a2db8e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077a40b7c 5 bytes JMP 0000000166a2d0be
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077a40f6c 5 bytes JMP 0000000166a2e01b
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a40f84 5 bytes JMP 0000000166a2e1b7
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077a41014 5 bytes JMP 0000000166a2f185
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077a4102c 5 bytes JMP 0000000166a2f2a8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077a41044 5 bytes JMP 0000000166a2f215
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a41338 5 bytes JMP 0000000166a39f47
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077a41478 5 bytes JMP 0000000166a2de8e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077a41524 5 bytes JMP 0000000166a2e37b
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077a41714 5 bytes JMP 0000000166a2dd06
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077a41a54 5 bytes JMP 0000000166a2d535
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077a41b98 5 bytes JMP 0000000166a2e4fd
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007743103d 5 bytes JMP 0000000166a13904
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077431072 5 bytes JMP 0000000166a13d68
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007745c9b5 5 bytes JMP 0000000166a13a1e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!WinExec 00000000774b3041 5 bytes JMP 0000000166a13c62
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076822642 5 bytes JMP 0000000166a13f75
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000077249ebd 5 bytes JMP 000000015fe86fd4
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077250afa 5 bytes JMP 000000015fe8b735
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077251361 5 bytes JMP 000000015fe99366
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077257849 5 bytes JMP 00000001600817e7
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075727edb 5 bytes JMP 000000015ff681aa
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076496143 5 bytes JMP 000000016061d2e8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 000000007649ea09 7 bytes JMP 0000000166a4e370
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleRun 00000000764a07de 5 bytes JMP 0000000166a4de9e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000764a21e1 5 bytes JMP 0000000166a51745
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleUninitialize 00000000764aeba1 6 bytes JMP 0000000166a4de15
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleInitialize 00000000764aefd7 5 bytes JMP 0000000166a4ddcd
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000764c54ad 5 bytes JMP 0000000166a4fdbb
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000764d09ad 5 bytes JMP 0000000166a4dd6d
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000764d86d3 5 bytes JMP 0000000166a507cf
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000764d9d0b 5 bytes JMP 0000000166a514ec
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000764d9d4e 5 bytes JMP 0000000166a4f3c7
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 00000000764fbb09 7 bytes JMP 0000000166a4dee6
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007651eacf 5 bytes JMP 0000000166a4fa7c
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007655340b 5 bytes JMP 0000000166a508cf
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007659cfd9 5 bytes JMP 0000000166a4de56
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076a63e59 5 bytes JMP 000000015febf708
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076a63eae 5 bytes JMP 000000015fedc57b
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076a64731 5 bytes JMP 000000015ff4c244
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076a65dee 5 bytes JMP 000000015ff59bf9
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 0000000076a927a6 5 bytes JMP 0000000166a503db
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 0000000076a9329c 5 bytes JMP 0000000166a4dd25
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 0000000076aa8f68 5 bytes JMP 0000000166a5056f
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a3f9dc 5 bytes JMP 0000000166a2ea93
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077a3fa24 5 bytes JMP 0000000166a2f0f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077a3fa3c 5 bytes JMP 0000000166a2d830
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077a3fa8c 5 bytes JMP 0000000166a2d38c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a3faa4 5 bytes JMP 0000000166a2d67d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077a3fb3c 5 bytes JMP 0000000166a2f338
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a3fc34 5 bytes JMP 0000000166a3a713
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077a3fd48 5 bytes JMP 0000000166a2d1d4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a3fd60 5 bytes JMP 0000000166a39d35
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077a3fd94 5 bytes JMP 0000000166a3a030
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a3fe40 5 bytes JMP 0000000166a2e668
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a3fe58 5 bytes JMP 0000000166a39e5e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a400b0 5 bytes JMP 0000000166a39b7a
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a401c0 5 bytes JMP 0000000166a2d9d8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077a40750 5 bytes JMP 0000000166a2f3da
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077a409e0 5 bytes JMP 0000000166a39d72
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077a409f8 5 bytes JMP 0000000166a2cfa8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077a40a40 5 bytes JMP 0000000166a2db8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077a40b7c 5 bytes JMP 0000000166a2d0be
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077a40f6c 5 bytes JMP 0000000166a2e01b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a40f84 5 bytes JMP 0000000166a2e1b7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077a41014 5 bytes JMP 0000000166a2f185
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077a4102c 5 bytes JMP 0000000166a2f2a8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077a41044 5 bytes JMP 0000000166a2f215
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a41338 5 bytes JMP 0000000166a39f47
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077a41478 5 bytes JMP 0000000166a2de8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077a41524 5 bytes JMP 0000000166a2e37b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077a41714 5 bytes JMP 0000000166a2dd06
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077a41a54 5 bytes JMP 0000000166a2d535
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077a41b98 5 bytes JMP 0000000166a2e4fd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007743103d 5 bytes JMP 0000000166a13904
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077431072 5 bytes JMP 0000000166a13d68
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007745c9b5 5 bytes JMP 0000000166a13a1e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!WinExec 00000000774b3041 5 bytes JMP 0000000166a13c62
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076822642 5 bytes JMP 0000000166a13f75
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000077249ebd 5 bytes JMP 000000015fe86fd4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077250afa 5 bytes JMP 000000015fe8b735
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077251361 5 bytes JMP 000000015fe99366
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077257849 5 bytes JMP 00000001600817e7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075727edb 5 bytes JMP 000000015ff681aa
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076496143 5 bytes JMP 000000016061d2e8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 000000007649ea09 7 bytes JMP 0000000166a4e370
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleRun 00000000764a07de 5 bytes JMP 0000000166a4de9e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000764a21e1 5 bytes JMP 0000000166a51745
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleUninitialize 00000000764aeba1 6 bytes JMP 0000000166a4de15
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleInitialize 00000000764aefd7 5 bytes JMP 0000000166a4ddcd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000764c54ad 5 bytes JMP 0000000166a4fdbb
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000764d09ad 5 bytes JMP 0000000166a4dd6d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000764d86d3 5 bytes JMP 0000000166a507cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000764d9d0b 5 bytes JMP 0000000166a514ec
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000764d9d4e 5 bytes JMP 0000000166a4f3c7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 00000000764fbb09 7 bytes JMP 0000000166a4dee6
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007651eacf 5 bytes JMP 0000000166a4fa7c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007655340b 5 bytes JMP 0000000166a508cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007659cfd9 5 bytes JMP 0000000166a4de56
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!SysFreeString 0000000076a63e59 5 bytes JMP 000000015febf708
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!VariantClear 0000000076a63eae 5 bytes JMP 000000015fedc57b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!SysAllocStringByteLen 0000000076a64731 5 bytes JMP 000000015ff4c244
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!VariantChangeType 0000000076a65dee 5 bytes JMP 000000015ff59bf9
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 0000000076a927a6 5 bytes JMP 0000000166a503db
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 0000000076a9329c 5 bytes JMP 0000000166a4dd25
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 0000000076aa8f68 5 bytes JMP 0000000166a5056f
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4968] 000000005fe60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4968] 000000005aba0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4968] 0000000066230000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 000000005fe60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 00000000648c0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000063c60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 000000005aba0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000066230000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 00000000656b0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000066350000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000065610000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000066200000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 00000000661a0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000064810000
---- EOF - GMER 2.1 ----
|
|
16.04.2015, 17:43
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: BoBrowser Rückstände entfernen Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
16.04.2015, 17:55
| #3 |
| | Windows 7: BoBrowser Rückstände entfernen Hier die Logs, danke.
__________________Edit: Ich dachte wenn man einen Post dranhängt, wird der Thread als bereits bearbeitet empfunden. Deshalb die Anhänge. Wird für's nächste Mal gemerkt. FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Windows7 (administrator) on WINDOWS7-PC on 16-04-2015 14:29:05
Running from C:\Users\Windows7\Downloads
Loaded Profiles: Windows7 (Available profiles: Windows7)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() D:\Program Files (x86)\puush\puush.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Run: [Xvid] => D:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Run: [OneDrive] => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\RunOnce: [Uninstall C:\Users\Windows7\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Windows7\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\RunOnce: [Uninstall C:\Users\Windows7\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Windows7\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\RunOnce: [Uninstall C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\MountPoints2: {cb665b59-aadb-11e4-8a12-448a5b88d092} - G:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-08] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://psyonix.com/forum/viewforum.php?f=33&sid=dcbf5fb5c07e6efca6fe97e98b161b34
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\user.js [2015-04-16]
FF Extension: Segurança do navegador Avira - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\abs@avira.com [2015-04-01]
FF Extension: MEGA - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\firefox@mega.co.nz.xpi [2015-01-11]
FF Extension: No Name - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-09-08]
FF Extension: Adblock Plus - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-08]
FF HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1429137368&from=smt&uid=ST31000524AS_5VP83DCEXXXX5VP83DCE"
CHR Profile: C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Keep Awake) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijihlabcfdnabacffofojgmehjdielb [2014-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-19]
CHR Extension: (Google Search) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Gmail) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 OpenVPNService; d:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-11] (Avira Operations GmbH & Co. KG)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-16 14:29 - 2015-04-16 14:29 - 00017309 _____ () C:\Users\Windows7\Downloads\FRST.txt
2015-04-16 14:28 - 2015-04-16 14:29 - 00000000 ____D () C:\FRST
2015-04-16 14:28 - 2015-04-16 14:28 - 02097664 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64.exe
2015-04-16 14:28 - 2015-04-16 14:28 - 00000478 _____ () C:\Users\Windows7\Downloads\defogger_disable.log
2015-04-16 14:28 - 2015-04-16 14:28 - 00000000 _____ () C:\Users\Windows7\defogger_reenable
2015-04-16 14:27 - 2015-04-16 14:27 - 00050477 _____ () C:\Users\Windows7\Downloads\Defogger.exe
2015-04-16 14:12 - 2015-04-16 14:12 - 00000000 ___HD () C:\OneDriveTemp
2015-04-16 02:34 - 2015-04-16 02:34 - 00054534 _____ () C:\Users\Windows7\Desktop\avira_16042015_AVSCAN-20150416-005232-BA79B4C8.txt
2015-04-16 00:46 - 2015-04-16 00:46 - 00002744 _____ () C:\Windows\System32\Tasks\Core Temp Autostart Windows7
2015-04-16 00:34 - 2015-04-16 00:35 - 01285176 _____ (Alcpu ) C:\Users\Windows7\Downloads\Core-Temp-installer.exe
2015-04-15 16:12 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 16:12 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:12 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:12 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:12 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:12 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:12 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:12 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:12 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:12 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:12 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:12 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:12 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:12 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 16:12 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:12 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:12 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:12 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 16:12 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:12 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:12 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:12 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:12 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:12 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:12 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:12 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:12 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:12 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:12 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 16:12 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 16:12 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 16:12 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 16:12 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 16:12 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 16:12 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 16:12 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 16:12 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 16:12 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 16:12 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 16:12 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 16:12 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 16:12 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 16:12 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 16:12 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 16:12 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 16:12 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 16:12 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 16:12 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 16:12 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 16:12 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 16:12 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 16:12 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 16:12 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 16:12 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 16:12 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 16:12 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 16:12 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 16:12 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 16:12 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 16:12 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 16:12 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 16:12 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 16:12 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 16:12 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 16:12 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 16:12 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 16:12 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 16:12 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 16:12 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 16:12 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 16:12 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 16:12 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 16:12 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 16:12 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 16:12 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 16:12 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 16:12 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 16:12 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 16:12 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 16:12 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 16:12 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 16:12 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 16:12 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 16:12 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 16:12 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 16:12 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 16:12 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:12 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:12 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 16:12 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 16:12 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:12 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:12 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 16:12 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:54 - 2015-04-14 22:54 - 00000000 ____D () C:\Users\Windows7\AppData\Local\openvr
2015-04-12 02:27 - 2015-04-12 02:28 - 92307608 _____ () C:\Users\Windows7\Downloads\Video 12-04-2015 02-18-44.mp4
2015-04-11 20:33 - 2015-04-11 20:33 - 00080716 _____ () C:\Users\Windows7\AppData\Local\recently-used.xbel
2015-04-08 19:58 - 2015-04-08 19:58 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Sony Creative Software Inc
2015-04-07 15:39 - 2015-04-07 15:39 - 00629890 _____ () C:\Users\Windows7\Downloads\themes.7z
2015-04-07 15:36 - 2014-06-13 20:05 - 00000344 _____ () C:\Users\Windows7\Downloads\Readme.txt
2015-04-05 15:26 - 2015-04-05 15:26 - 02802944 _____ () C:\Users\Windows7\Downloads\mp3tagv269setup.exe
2015-04-05 00:52 - 2015-04-05 00:52 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:52 - 2015-04-05 00:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 07:08 - 2015-04-04 07:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 00:01 - 2015-04-02 00:01 - 00000000 ____D () C:\Users\Windows7\AppData\Local\Urban Trial Freestyle
2015-04-01 15:39 - 2015-04-01 15:39 - 00000253 _____ () C:\Users\Windows7\Downloads\offset_tiles_pattern_for_gimp_by_monsoonami.pat
2015-03-31 03:29 - 2015-04-04 12:14 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\dvdcss
2015-03-30 06:39 - 2015-03-30 06:40 - 00322496 _____ () C:\Windows\Minidump\033015-19624-01.dmp
2015-03-30 04:24 - 2015-04-15 16:40 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\vlc
2015-03-29 21:56 - 2015-03-29 22:00 - 00000000 ____D () C:\Users\Windows7\Documents\Camtasia Studio
2015-03-29 21:56 - 2015-03-29 21:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\TechSmith
2015-03-29 21:56 - 2015-03-29 21:56 - 00000000 ____D () C:\Users\Windows7\AppData\Local\TechSmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000895 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-29 21:54 - 2015-03-29 21:54 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-29 21:51 - 2015-03-29 21:53 - 259562296 _____ () C:\Users\Windows7\Downloads\camtasia.exe
2015-03-28 17:45 - 2015-03-28 17:45 - 00000779 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-03-28 17:45 - 2015-03-28 17:45 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\MotioninJoy
2015-03-28 17:45 - 2015-03-28 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-03-28 17:45 - 2011-12-07 20:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-03-28 17:44 - 2015-03-28 17:44 - 04117346 _____ () C:\Users\Windows7\Downloads\motioninjoy-0-7-1001-en-win.zip
2015-03-26 20:29 - 2015-03-26 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015
2015-03-26 18:37 - 2015-03-26 18:37 - 00000000 ____D () C:\ProgramData\Steam
2015-03-26 02:25 - 2015-03-26 02:25 - 00187628 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00 Switch Fix.rar
2015-03-26 02:24 - 2015-03-26 02:25 - 160786918 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part09.rar
2015-03-26 02:21 - 2015-03-26 02:24 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part08.rar
2015-03-26 02:17 - 2015-03-26 02:21 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part07.rar
2015-03-26 02:14 - 2015-03-26 02:17 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part06.rar
2015-03-26 02:10 - 2015-03-26 02:13 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part05.rar
2015-03-26 02:07 - 2015-03-26 02:10 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part04.rar
2015-03-26 02:02 - 2015-03-26 02:06 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part03.rar
2015-03-26 01:59 - 2015-03-26 02:02 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part02.rar
2015-03-26 01:55 - 2015-03-26 01:59 - 524288000 _____ () C:\Users\Windows7\Desktop\Pesgalaxy.com Patch 2015 4.00.part01.rar
2015-03-26 01:38 - 2015-03-26 01:38 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Origin
2015-03-26 01:37 - 2015-03-26 01:39 - 00000000 ____D () C:\ProgramData\Origin
2015-03-26 01:36 - 2015-03-26 01:36 - 17111696 _____ (Electronic Arts, Inc.) C:\Users\Windows7\Downloads\OriginThinSetup.exe
2015-03-23 18:02 - 2015-03-23 18:02 - 01799904 _____ () C:\Users\Windows7\Downloads\openvpn-install-2.3.6-I603-x86_64.exe
2015-03-23 18:02 - 2015-03-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-03-23 18:02 - 2015-03-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-03-21 21:23 - 2015-03-21 21:23 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2015-03-21 21:23 - 2015-03-21 21:23 - 00000000 ____D () C:\Users\Windows7\AppData\Local\2K Games
2015-03-21 21:15 - 2015-03-21 21:15 - 00527423 _____ ( ) C:\Users\Windows7\Downloads\Lame_v3.99.3_for_Windows.exe
2015-03-21 21:07 - 2015-04-06 18:06 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Audacity
2015-03-21 21:07 - 2015-03-21 21:07 - 22892794 _____ (Audacity Team ) C:\Users\Windows7\Downloads\audacity-win-2.0.6.exe
2015-03-21 21:07 - 2015-03-21 21:07 - 00000712 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-03-21 21:07 - 2015-03-21 21:07 - 00000712 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-21 20:51 - 2015-03-21 20:51 - 00000016 ____H () C:\Users\Windows7\Documents\mxfilerelatedcache.mxc2
2015-03-21 20:35 - 2015-03-21 20:35 - 03032920 _____ (MAGIX Software GmbH) C:\Users\Windows7\Downloads\trial_musicmaker2015_dlm.exe
2015-03-18 18:05 - 2015-04-06 14:35 - 00000000 ____D () C:\Users\Windows7\AppData\Local\CrashDumps
2015-03-18 14:47 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 14:45 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 14:45 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 14:45 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-16 14:28 - 2014-09-08 15:26 - 00000000 ____D () C:\Users\Windows7
2015-04-16 14:27 - 2014-09-08 15:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 14:26 - 2009-07-14 06:45 - 00026800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 14:26 - 2009-07-14 06:45 - 00026800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 14:25 - 2014-10-01 16:02 - 00000000 ____D () C:\Users\Windows7\Desktop\puush screenshots
2015-04-16 14:17 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-04-16 14:17 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-04-16 14:17 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 14:14 - 2014-09-08 15:26 - 01063100 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 14:12 - 2014-10-27 17:32 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC
2015-04-16 14:12 - 2014-10-14 18:47 - 00000000 ___RD () C:\Users\Windows7\OneDrive
2015-04-16 14:11 - 2014-10-18 13:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 14:11 - 2009-07-14 06:51 - 00095396 _____ () C:\Windows\setupact.log
2015-04-16 14:10 - 2014-09-08 17:42 - 00599796 _____ () C:\Windows\PFRO.log
2015-04-16 14:10 - 2011-06-07 15:35 - 00000000 ____D () C:\Windows\Panther
2015-04-16 14:10 - 2011-06-07 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-16 14:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 02:35 - 2014-10-23 21:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 01:16 - 2015-03-09 16:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\OBS
2015-04-16 00:39 - 2014-10-18 13:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 00:39 - 2014-09-08 16:44 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-16 00:39 - 2014-09-08 16:44 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-16 00:39 - 2014-09-08 15:27 - 00001425 _____ () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 20:53 - 2014-12-11 19:37 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:53 - 2014-09-08 16:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 18:00 - 2014-09-08 20:46 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 17:59 - 2014-09-08 16:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 17:57 - 2014-09-08 16:29 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 22:03 - 2014-09-29 18:31 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\.minecraft
2015-04-14 19:27 - 2014-09-08 15:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 19:27 - 2014-09-08 15:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 19:27 - 2014-09-08 15:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 19:30 - 2014-09-22 16:53 - 00000000 ____D () C:\Users\Windows7\Documents\Movie Studio Platinum 12.0 Projects
2015-04-13 18:57 - 2014-12-19 17:21 - 00000940 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-04-13 18:57 - 2014-10-01 18:38 - 00004448 _____ () C:\Windows\windefendam.log
2015-04-13 18:57 - 2014-10-01 18:38 - 00000020 _____ () C:\Windows\capsys184523.log
2015-04-12 02:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 23:39 - 2014-09-20 21:02 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\TS3Client
2015-04-11 21:00 - 2014-09-20 20:54 - 00000000 ____D () C:\Users\Windows7\.gimp-2.8
2015-04-11 20:33 - 2014-10-02 17:38 - 00000000 ____D () C:\Users\Windows7\AppData\Local\gtk-2.0
2015-04-11 20:10 - 2014-10-02 17:34 - 00000000 ____D () C:\Users\Windows7\.thumbnails
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 19:22 - 2014-10-15 20:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Mp3tag
2015-04-07 17:18 - 2014-09-20 20:54 - 00000626 _____ () C:\Users\Windows7\Desktop\music.lnk
2015-04-07 16:57 - 2015-01-18 02:57 - 00000000 ____D () C:\Users\Windows7\Desktop\games
2015-04-05 15:27 - 2014-09-20 20:47 - 00000692 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-04-05 14:54 - 2014-09-08 16:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 13:11 - 2014-11-15 23:05 - 00000000 ____D () C:\Users\Windows7\Documents\Telltale Games
2015-04-02 08:57 - 2014-10-19 16:08 - 00001768 _____ () C:\Windows\SecuniaPackage.log
2015-04-01 09:36 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Avira
2015-04-01 09:35 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Avira
2015-04-01 09:29 - 2009-07-14 06:45 - 05977264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-01 01:52 - 2014-09-08 15:50 - 00420960 _____ () C:\Users\Windows7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-31 08:18 - 2015-02-18 12:44 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-30 06:39 - 2015-01-21 17:26 - 623105246 _____ () C:\Windows\MEMORY.DMP
2015-03-30 06:39 - 2015-01-21 17:26 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 21:31 - 2015-02-02 19:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-28 21:05 - 2014-10-21 14:15 - 00000000 ____D () C:\Users\Windows7\Desktop\uni
2015-03-27 19:05 - 2014-12-25 19:39 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-26 01:23 - 2015-03-11 19:39 - 00000000 ____D () C:\Users\Windows7\AppData\Local\ftblauncher
2015-03-25 22:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-23 18:02 - 2015-02-27 16:30 - 00000766 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-03-21 21:23 - 2014-09-23 22:56 - 00526951 _____ () C:\Windows\DirectX.log
2015-03-21 21:06 - 2014-12-13 23:30 - 00000000 ___RD () C:\Users\Windows7\Documents\MAGIX
2015-03-21 21:05 - 2014-12-13 23:31 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-03-21 20:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 20:50 - 2014-12-13 23:18 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\MAGIX
2015-03-21 20:48 - 2014-12-13 23:29 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-20 17:59 - 2014-10-21 14:49 - 00000000 ____D () C:\Users\Windows7\AppData\Local\Adobe
2015-03-18 14:47 - 2014-09-17 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 14:46 - 2011-06-07 15:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 13:55 - 2014-10-14 18:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
==================== Files in the root of some directories =======
2015-04-11 20:33 - 2015-04-11 20:33 - 0080716 _____ () C:\Users\Windows7\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\avgnt.exe
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Windows7\AppData\Local\Temp\nvStInst.exe
C:\Users\Windows7\AppData\Local\Temp\setup.exe
C:\Users\Windows7\AppData\Local\Temp\tmd_34017998.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_0.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_1.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_2.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_3.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_4.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_5.exe
C:\Users\Windows7\AppData\Local\Temp\_Uninstall_6.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 14:16
==================== End Of Log ============================
--- --- --- MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 16.04.2015 Scan Time: 14:47:07 Logfile: MBAM_16042015.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.04.16.03 Rootkit Database: v2015.03.31.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Windows7 Scan Type: Threat Scan Result: Completed Objects Scanned: 340210 Time Elapsed: 8 min, 27 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.QuickStart.A, C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Replaced,[77cc6c017515b77f612d122e55b1bc44] Physical Sectors: 0 (No malicious items detected) (end) Avira Code:
ATTFilter
Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 16. April 2015 14:57
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : WINDOWS7-PC
Versionsinformationen:
BUILD.DAT : 15.0.9.504 94784 Bytes 24.03.2015 14:59:00
AVSCAN.EXE : 15.0.9.504 1027528 Bytes 01.04.2015 07:34:53
AVSCANRC.DLL : 15.0.9.460 64760 Bytes 01.04.2015 07:34:54
LUKE.DLL : 15.0.9.460 60664 Bytes 01.04.2015 07:35:02
AVSCPLR.DLL : 15.0.9.460 95536 Bytes 01.04.2015 07:34:54
REPAIR.DLL : 15.0.9.504 374064 Bytes 01.04.2015 07:34:53
REPAIR.RDF : 1.0.7.16 834076 Bytes 15.04.2015 14:08:41
AVREG.DLL : 15.0.9.460 273712 Bytes 01.04.2015 07:34:53
AVLODE.DLL : 15.0.9.504 596272 Bytes 01.04.2015 07:34:52
AVLODE.RDF : 14.0.4.64 79226 Bytes 09.04.2015 11:32:31
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00209.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00210.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00211.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00212.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00213.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00214.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00215.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00216.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00217.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00218.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00219.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00220.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00221.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00222.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00223.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00224.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00225.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00226.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00227.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00228.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00229.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00230.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00231.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00232.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00233.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00234.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00235.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00236.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00237.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00238.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00239.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00240.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00241.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00242.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00243.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00244.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:26
XBV00245.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00246.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00247.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00248.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00249.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00250.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00251.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00252.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00253.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00254.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00255.VDF : 8.11.219.166 2048 Bytes 25.03.2015 15:49:27
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 08:30:21
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 08:30:21
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 08:30:21
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 08:30:21
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 08:30:21
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 08:30:21
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 08:30:21
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 08:30:21
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 08:30:21
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 17:37:11
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 16:08:13
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 17:45:32
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 12:12:02
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 14:07:46
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 12:09:47
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 06:27:01
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 17:09:39
XBV00017.VDF : 8.11.219.166 2033664 Bytes 25.03.2015 15:49:21
XBV00042.VDF : 8.11.219.194 36864 Bytes 25.03.2015 21:49:18
XBV00043.VDF : 8.11.219.218 7168 Bytes 25.03.2015 21:49:18
XBV00044.VDF : 8.11.219.242 6144 Bytes 25.03.2015 15:36:24
XBV00045.VDF : 8.11.219.244 7680 Bytes 25.03.2015 15:36:24
XBV00046.VDF : 8.11.219.246 5632 Bytes 26.03.2015 15:36:24
XBV00047.VDF : 8.11.219.250 38400 Bytes 26.03.2015 15:36:24
XBV00048.VDF : 8.11.219.252 14336 Bytes 26.03.2015 15:36:24
XBV00049.VDF : 8.11.219.254 18432 Bytes 26.03.2015 15:36:24
XBV00050.VDF : 8.11.220.0 7680 Bytes 26.03.2015 15:36:24
XBV00051.VDF : 8.11.220.2 10240 Bytes 26.03.2015 21:36:18
XBV00052.VDF : 8.11.220.6 2048 Bytes 26.03.2015 21:36:18
XBV00053.VDF : 8.11.220.8 2560 Bytes 26.03.2015 21:36:18
XBV00054.VDF : 8.11.220.10 17408 Bytes 26.03.2015 21:36:18
XBV00055.VDF : 8.11.220.12 2048 Bytes 26.03.2015 21:36:18
XBV00056.VDF : 8.11.220.16 23040 Bytes 26.03.2015 17:08:31
XBV00057.VDF : 8.11.220.18 8704 Bytes 26.03.2015 17:08:31
XBV00058.VDF : 8.11.220.22 30720 Bytes 27.03.2015 17:08:31
XBV00059.VDF : 8.11.220.24 6144 Bytes 27.03.2015 17:08:31
XBV00060.VDF : 8.11.220.26 2048 Bytes 27.03.2015 17:08:31
XBV00061.VDF : 8.11.220.48 9728 Bytes 27.03.2015 17:08:31
XBV00062.VDF : 8.11.220.68 14848 Bytes 27.03.2015 17:08:31
XBV00063.VDF : 8.11.220.88 23552 Bytes 27.03.2015 17:08:31
XBV00064.VDF : 8.11.220.108 9216 Bytes 27.03.2015 17:08:31
XBV00065.VDF : 8.11.220.110 15360 Bytes 27.03.2015 17:08:31
XBV00066.VDF : 8.11.220.116 27648 Bytes 27.03.2015 23:08:31
XBV00067.VDF : 8.11.220.118 10752 Bytes 27.03.2015 15:39:04
XBV00068.VDF : 8.11.220.120 6144 Bytes 27.03.2015 15:39:04
XBV00069.VDF : 8.11.220.122 62976 Bytes 28.03.2015 15:39:05
XBV00070.VDF : 8.11.220.124 2048 Bytes 28.03.2015 15:39:05
XBV00071.VDF : 8.11.220.126 9728 Bytes 28.03.2015 15:39:05
XBV00072.VDF : 8.11.220.128 20992 Bytes 28.03.2015 15:39:05
XBV00073.VDF : 8.11.220.148 54784 Bytes 29.03.2015 19:02:34
XBV00074.VDF : 8.11.220.176 7680 Bytes 29.03.2015 19:02:34
XBV00075.VDF : 8.11.220.196 32768 Bytes 30.03.2015 01:29:01
XBV00076.VDF : 8.11.220.216 2048 Bytes 30.03.2015 01:29:01
XBV00077.VDF : 8.11.220.236 9728 Bytes 30.03.2015 01:29:01
XBV00078.VDF : 8.11.220.238 15360 Bytes 30.03.2015 01:29:01
XBV00079.VDF : 8.11.220.240 9216 Bytes 30.03.2015 01:29:01
XBV00080.VDF : 8.11.220.242 4608 Bytes 30.03.2015 01:29:01
XBV00081.VDF : 8.11.220.248 58368 Bytes 30.03.2015 01:29:01
XBV00082.VDF : 8.11.220.250 2048 Bytes 30.03.2015 01:29:01
XBV00083.VDF : 8.11.220.252 2048 Bytes 30.03.2015 01:29:01
XBV00084.VDF : 8.11.220.254 39424 Bytes 31.03.2015 01:29:01
XBV00085.VDF : 8.11.221.0 2048 Bytes 31.03.2015 01:29:01
XBV00086.VDF : 8.11.221.6 40960 Bytes 31.03.2015 13:28:37
XBV00087.VDF : 8.11.221.8 2048 Bytes 31.03.2015 13:28:37
XBV00088.VDF : 8.11.221.10 16896 Bytes 31.03.2015 13:28:37
XBV00089.VDF : 8.11.221.30 10240 Bytes 31.03.2015 13:28:37
XBV00090.VDF : 8.11.221.48 29184 Bytes 31.03.2015 19:28:38
XBV00091.VDF : 8.11.221.50 2048 Bytes 31.03.2015 19:28:38
XBV00092.VDF : 8.11.221.70 27648 Bytes 31.03.2015 07:35:04
XBV00093.VDF : 8.11.221.88 3584 Bytes 31.03.2015 07:35:04
XBV00094.VDF : 8.11.221.90 32256 Bytes 31.03.2015 07:35:04
XBV00095.VDF : 8.11.221.94 34816 Bytes 01.04.2015 07:35:04
XBV00096.VDF : 8.11.221.96 8704 Bytes 01.04.2015 07:35:04
XBV00097.VDF : 8.11.221.100 8704 Bytes 01.04.2015 09:36:10
XBV00098.VDF : 8.11.221.102 7680 Bytes 01.04.2015 13:36:11
XBV00099.VDF : 8.11.221.106 39936 Bytes 01.04.2015 19:36:09
XBV00100.VDF : 8.11.221.124 8704 Bytes 01.04.2015 19:36:09
XBV00101.VDF : 8.11.221.142 12288 Bytes 01.04.2015 19:36:10
XBV00102.VDF : 8.11.221.160 7168 Bytes 01.04.2015 06:56:55
XBV00103.VDF : 8.11.221.178 7168 Bytes 01.04.2015 06:56:55
XBV00104.VDF : 8.11.221.196 8192 Bytes 01.04.2015 06:56:55
XBV00105.VDF : 8.11.221.200 33280 Bytes 02.04.2015 06:56:55
XBV00106.VDF : 8.11.221.202 2048 Bytes 02.04.2015 06:56:55
XBV00107.VDF : 8.11.221.204 28160 Bytes 02.04.2015 16:56:47
XBV00108.VDF : 8.11.221.206 2048 Bytes 02.04.2015 16:56:47
XBV00109.VDF : 8.11.221.208 33792 Bytes 02.04.2015 16:56:47
XBV00110.VDF : 8.11.221.210 24576 Bytes 02.04.2015 01:35:13
XBV00111.VDF : 8.11.221.214 18944 Bytes 02.04.2015 01:35:13
XBV00112.VDF : 8.11.221.216 11264 Bytes 02.04.2015 05:35:18
XBV00113.VDF : 8.11.221.220 29696 Bytes 03.04.2015 05:35:18
XBV00114.VDF : 8.11.221.222 2048 Bytes 03.04.2015 05:35:18
XBV00115.VDF : 8.11.221.224 31232 Bytes 03.04.2015 03:18:39
XBV00116.VDF : 8.11.221.242 3584 Bytes 03.04.2015 03:18:39
XBV00117.VDF : 8.11.222.2 11776 Bytes 03.04.2015 03:18:39
XBV00118.VDF : 8.11.222.18 7168 Bytes 03.04.2015 03:18:39
XBV00119.VDF : 8.11.222.34 6656 Bytes 03.04.2015 03:18:39
XBV00120.VDF : 8.11.222.38 15360 Bytes 03.04.2015 03:18:39
XBV00121.VDF : 8.11.222.40 5632 Bytes 03.04.2015 03:18:39
XBV00122.VDF : 8.11.222.42 6144 Bytes 03.04.2015 03:18:39
XBV00123.VDF : 8.11.222.44 46592 Bytes 04.04.2015 11:18:39
XBV00124.VDF : 8.11.222.46 2048 Bytes 04.04.2015 11:18:39
XBV00125.VDF : 8.11.222.48 2048 Bytes 04.04.2015 11:18:39
XBV00126.VDF : 8.11.222.50 36864 Bytes 04.04.2015 15:24:04
XBV00127.VDF : 8.11.222.52 2048 Bytes 04.04.2015 15:24:04
XBV00128.VDF : 8.11.222.68 68096 Bytes 05.04.2015 12:57:11
XBV00129.VDF : 8.11.222.84 2048 Bytes 05.04.2015 12:57:11
XBV00130.VDF : 8.11.222.116 18432 Bytes 05.04.2015 12:57:11
XBV00131.VDF : 8.11.222.132 62464 Bytes 06.04.2015 11:13:38
XBV00132.VDF : 8.11.222.134 10752 Bytes 06.04.2015 11:13:38
XBV00133.VDF : 8.11.222.138 2048 Bytes 06.04.2015 11:13:38
XBV00134.VDF : 8.11.222.154 13312 Bytes 06.04.2015 11:13:38
XBV00135.VDF : 8.11.222.156 8704 Bytes 06.04.2015 13:13:39
XBV00136.VDF : 8.11.222.158 9216 Bytes 06.04.2015 15:13:40
XBV00137.VDF : 8.11.222.160 2048 Bytes 06.04.2015 15:13:40
XBV00138.VDF : 8.11.222.164 18432 Bytes 06.04.2015 21:13:40
XBV00139.VDF : 8.11.222.166 10752 Bytes 06.04.2015 12:36:29
XBV00140.VDF : 8.11.222.182 7168 Bytes 06.04.2015 12:36:29
XBV00141.VDF : 8.11.222.196 8704 Bytes 07.04.2015 12:36:29
XBV00142.VDF : 8.11.222.212 29696 Bytes 07.04.2015 12:36:29
XBV00143.VDF : 8.11.222.226 6656 Bytes 07.04.2015 12:36:29
XBV00144.VDF : 8.11.222.228 10752 Bytes 07.04.2015 12:36:29
XBV00145.VDF : 8.11.222.230 4096 Bytes 07.04.2015 12:36:29
XBV00146.VDF : 8.11.222.232 5120 Bytes 07.04.2015 12:36:29
XBV00147.VDF : 8.11.222.234 5632 Bytes 07.04.2015 12:36:29
XBV00148.VDF : 8.11.222.240 34816 Bytes 07.04.2015 20:36:28
XBV00149.VDF : 8.11.222.242 2048 Bytes 07.04.2015 20:36:28
XBV00150.VDF : 8.11.222.244 3584 Bytes 07.04.2015 22:36:26
XBV00151.VDF : 8.11.222.246 24576 Bytes 07.04.2015 22:36:26
XBV00152.VDF : 8.11.222.250 37888 Bytes 08.04.2015 13:07:08
XBV00153.VDF : 8.11.223.8 12800 Bytes 08.04.2015 13:07:08
XBV00154.VDF : 8.11.223.22 2048 Bytes 08.04.2015 13:07:08
XBV00155.VDF : 8.11.223.36 10752 Bytes 08.04.2015 13:07:08
XBV00156.VDF : 8.11.223.52 35328 Bytes 08.04.2015 19:07:06
XBV00157.VDF : 8.11.223.66 7168 Bytes 08.04.2015 21:07:06
XBV00158.VDF : 8.11.223.68 2048 Bytes 08.04.2015 21:07:06
XBV00159.VDF : 8.11.223.72 15360 Bytes 08.04.2015 23:07:08
XBV00160.VDF : 8.11.223.74 7168 Bytes 09.04.2015 11:32:31
XBV00161.VDF : 8.11.223.78 38400 Bytes 09.04.2015 11:32:31
XBV00162.VDF : 8.11.223.80 2048 Bytes 09.04.2015 11:32:31
XBV00163.VDF : 8.11.223.82 35328 Bytes 09.04.2015 11:32:31
XBV00164.VDF : 8.11.223.90 80896 Bytes 09.04.2015 12:28:57
XBV00165.VDF : 8.11.223.92 2048 Bytes 09.04.2015 12:28:57
XBV00166.VDF : 8.11.223.94 30208 Bytes 09.04.2015 12:28:57
XBV00167.VDF : 8.11.223.108 30208 Bytes 10.04.2015 12:28:57
XBV00168.VDF : 8.11.223.120 35840 Bytes 10.04.2015 16:28:53
XBV00169.VDF : 8.11.223.124 3072 Bytes 10.04.2015 16:28:53
XBV00170.VDF : 8.11.223.136 20480 Bytes 10.04.2015 16:28:53
XBV00171.VDF : 8.11.223.148 14848 Bytes 10.04.2015 18:28:56
XBV00172.VDF : 8.11.223.150 2048 Bytes 10.04.2015 18:28:56
XBV00173.VDF : 8.11.223.154 23552 Bytes 10.04.2015 22:28:54
XBV00174.VDF : 8.11.223.156 8192 Bytes 10.04.2015 22:28:54
XBV00175.VDF : 8.11.223.158 7680 Bytes 11.04.2015 12:35:10
XBV00176.VDF : 8.11.223.162 49152 Bytes 11.04.2015 12:35:10
XBV00177.VDF : 8.11.223.164 2048 Bytes 11.04.2015 12:35:10
XBV00178.VDF : 8.11.223.176 18944 Bytes 11.04.2015 14:35:08
XBV00179.VDF : 8.11.223.192 68096 Bytes 12.04.2015 12:34:42
XBV00180.VDF : 8.11.223.194 2048 Bytes 12.04.2015 12:34:42
XBV00181.VDF : 8.11.223.196 2048 Bytes 12.04.2015 12:34:42
XBV00182.VDF : 8.11.223.208 13312 Bytes 12.04.2015 16:53:31
XBV00183.VDF : 8.11.223.210 6144 Bytes 12.04.2015 16:53:31
XBV00184.VDF : 8.11.223.222 75776 Bytes 13.04.2015 16:17:29
XBV00185.VDF : 8.11.223.224 2048 Bytes 13.04.2015 16:17:29
XBV00186.VDF : 8.11.223.236 27648 Bytes 13.04.2015 16:17:29
XBV00187.VDF : 8.11.223.246 2048 Bytes 13.04.2015 16:17:29
XBV00188.VDF : 8.11.224.2 9728 Bytes 13.04.2015 15:30:43
XBV00189.VDF : 8.11.224.12 33792 Bytes 13.04.2015 15:30:43
XBV00190.VDF : 8.11.224.22 40448 Bytes 14.04.2015 15:30:43
XBV00191.VDF : 8.11.224.28 26112 Bytes 14.04.2015 15:30:43
XBV00192.VDF : 8.11.224.32 49152 Bytes 14.04.2015 17:30:39
XBV00193.VDF : 8.11.224.34 12288 Bytes 14.04.2015 21:30:40
XBV00194.VDF : 8.11.224.36 8704 Bytes 14.04.2015 21:30:40
XBV00195.VDF : 8.11.224.46 6656 Bytes 14.04.2015 14:08:39
XBV00196.VDF : 8.11.224.48 2048 Bytes 14.04.2015 14:08:39
XBV00197.VDF : 8.11.224.58 12288 Bytes 15.04.2015 14:08:39
XBV00198.VDF : 8.11.224.68 5632 Bytes 15.04.2015 14:08:39
XBV00199.VDF : 8.11.224.72 29184 Bytes 15.04.2015 14:08:39
XBV00200.VDF : 8.11.224.82 17920 Bytes 15.04.2015 14:08:40
XBV00201.VDF : 8.11.224.84 29184 Bytes 15.04.2015 14:08:40
XBV00202.VDF : 8.11.224.90 29184 Bytes 15.04.2015 19:00:14
XBV00203.VDF : 8.11.224.92 18432 Bytes 15.04.2015 19:00:14
XBV00204.VDF : 8.11.224.102 13824 Bytes 15.04.2015 19:00:14
XBV00205.VDF : 8.11.224.112 18944 Bytes 15.04.2015 23:00:12
XBV00206.VDF : 8.11.224.120 6144 Bytes 15.04.2015 23:00:12
XBV00207.VDF : 8.11.224.130 38400 Bytes 16.04.2015 12:16:13
XBV00208.VDF : 8.11.224.132 43520 Bytes 16.04.2015 12:16:13
LOCAL000.VDF : 8.11.224.132 127585280 Bytes 16.04.2015 12:16:25
Engineversion : 8.3.30.16
AEVDF.DLL : 8.3.1.6 133992 Bytes 08.09.2014 14:49:36
AESCRIPT.DLL : 8.2.2.58 560248 Bytes 17.03.2015 11:48:28
AESCN.DLL : 8.3.2.2 139456 Bytes 15.08.2014 08:30:04
AESBX.DLL : 8.2.20.34 1615784 Bytes 04.03.2015 16:30:26
AERDL.DLL : 8.2.1.20 731040 Bytes 12.02.2015 15:47:06
AEPACK.DLL : 8.4.0.62 793456 Bytes 21.02.2015 07:24:41
AEOFFICE.DLL : 8.3.1.16 359280 Bytes 27.03.2015 17:08:31
AEMOBILE.DLL : 8.1.7.0 281456 Bytes 11.03.2015 02:16:41
AEHEUR.DLL : 8.1.4.1634 8259496 Bytes 10.04.2015 12:28:57
AEHELP.DLL : 8.3.2.0 281456 Bytes 19.03.2015 19:21:20
AEGEN.DLL : 8.1.7.40 456608 Bytes 19.12.2014 15:01:29
AEEXP.DLL : 8.4.2.82 260968 Bytes 10.04.2015 12:28:57
AEEMU.DLL : 8.1.3.4 399264 Bytes 15.08.2014 08:30:03
AEDROID.DLL : 8.4.3.116 1050536 Bytes 11.03.2015 02:16:40
AECORE.DLL : 8.3.4.0 243624 Bytes 16.12.2014 19:52:09
AEBB.DLL : 8.1.2.0 60448 Bytes 15.08.2014 08:30:03
AVWINLL.DLL : 15.0.9.460 26872 Bytes 01.04.2015 07:34:51
AVPREF.DLL : 15.0.9.460 52984 Bytes 01.04.2015 07:34:53
AVREP.DLL : 15.0.9.460 220464 Bytes 01.04.2015 07:34:53
AVARKT.DLL : 15.0.9.460 228088 Bytes 01.04.2015 07:34:51
AVEVTLOG.DLL : 15.0.9.460 193328 Bytes 01.04.2015 07:34:52
SQLITE3.DLL : 15.0.9.460 455472 Bytes 01.04.2015 07:35:03
AVSMTP.DLL : 15.0.9.460 79096 Bytes 01.04.2015 07:34:54
NETNT.DLL : 15.0.9.460 15152 Bytes 01.04.2015 07:35:02
CommonImageRc.dll: 15.0.9.460 4355376 Bytes 01.04.2015 07:34:51
CommonTextRc.DLL: 15.0.9.476 70960 Bytes 01.04.2015 07:34:51
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 16. April 2015 14:57
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'HDD1(F:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '226' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvNetworkService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvBackend.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'OneDrive.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'CSISYNCCLIENT.EXE' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'puush.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1663' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'F:\'
Ende des Suchlaufs: Donnerstag, 16. April 2015 16:40
Benötigte Zeit: 1:43:01 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
37294 Verzeichnisse wurden überprüft
2431032 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2431032 Dateien ohne Befall
17687 Archive wurden durchsucht
0 Warnungen
0 Hinweise
907997 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
17.04.2015, 06:07
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: BoBrowser Rückstände entfernen Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.04.2015, 13:58
| #5 |
| | Windows 7: BoBrowser Rückstände entfernen Guten Tag Schrauber, Revo Uninstall wurde durchgeführt und hier ist der Combofix Log: Combofix Code:
ATTFilter Combofix Logfile: |
|
18.04.2015, 07:56
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: BoBrowser Rückstände entfernen Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7: BoBrowser Rückstände entfernen |
|
18.04.2015, 15:13
| #7 |
| | Windows 7: BoBrowser Rückstände entfernen Hallo Schrauber, danke für deine weitere Hilfe. Hier die neuen Logs: MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.04.2015 Suchlauf-Zeit: 15:08:09 Logdatei: MBAM.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.18.02 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Windows7 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 355035 Verstrichene Zeit: 8 Min, 28 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 1 PUP.Optional.QuickStart.A, C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[4cbec1adf595a3935692cd71996db64a] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Adwcleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 18/04/2015 um 15:57:01
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-18.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Windows7 - WINDOWS7-PC
# Gestarted von : C:\Users\Windows7\Downloads\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\user.js
***** [ Geplante Tasks ] *****
Task Gelöscht : Run_Bobby_Browser
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v37.0.1 (x86 en-GB)
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1429137368&from=smt&uid=ST31000524AS_5VP83DCEXXXX5VP83DCE&q={searchTerms}");
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[hjuc0e1m.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v42.0.2311.90
[C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.istartsurf.com/?type=hp&ts=1429137368&from=smt&uid=ST31000524AS_5VP83DCEXXXX5VP83DCE
*************************
AdwCleaner[R0].txt - [2387 Bytes] - [18/04/2015 15:42:25]
AdwCleaner[S0].txt - [2324 Bytes] - [18/04/2015 15:57:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2383 Bytes] ##########
JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Professional x64
Ran by Windows7 on 18.04.2015 at 16:04:49,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Windows7\AppData\Roaming\mozilla\firefox\profiles\hjuc0e1m.default\prefs.js
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, smt);
user_pref(browser.search.searchengine.uid, ST31000524AS_5VP83DCEXXXX5VP83DCE);
Emptied folder: C:\Users\Windows7\AppData\Roaming\mozilla\firefox\profiles\hjuc0e1m.default\minidumps [19 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.04.2015 at 16:06:36,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Windows7 (administrator) on WINDOWS7-PC on 18-04-2015 16:08:41
Running from C:\Users\Windows7\Downloads
Loaded Profiles: Windows7 (Available profiles: Windows7)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Run: [Xvid] => D:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Run: [OneDrive] => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default
FF Homepage: hxxp://psyonix.com/forum/viewforum.php?f=33&sid=dcbf5fb5c07e6efca6fe97e98b161b34
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Segurança do navegador Avira - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\abs@avira.com [2015-04-01]
FF Extension: MEGA - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\firefox@mega.co.nz.xpi [2015-01-11]
FF Extension: No Name - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-09-08]
FF Extension: Adblock Plus - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-08]
FF HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Keep Awake) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijihlabcfdnabacffofojgmehjdielb [2014-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-19]
CHR Extension: (Google Search) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Gmail) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 OpenVPNService; d:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-11] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 16:08 - 2015-04-18 16:09 - 00014789 _____ () C:\Users\Windows7\Downloads\FRST.txt
2015-04-18 16:08 - 2015-04-18 16:08 - 00000000 ____D () C:\Users\Windows7\Downloads\FRST-OlderVersion
2015-04-18 16:07 - 2015-04-18 16:07 - 00001082 _____ () C:\Users\Windows7\Desktop\JRT_new.txt
2015-04-18 16:06 - 2015-04-18 16:06 - 00001082 _____ () C:\Users\Windows7\Desktop\JRT.txt
2015-04-18 16:04 - 2015-04-18 16:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WINDOWS7-PC-Windows-7-Professional-(64-bit).dat
2015-04-18 16:04 - 2015-04-18 16:04 - 00000000 ____D () C:\RegBackup
2015-04-18 16:03 - 2015-04-18 16:04 - 02686254 _____ (Thisisu) C:\Users\Windows7\Downloads\JRT.exe
2015-04-18 16:02 - 2015-04-18 16:02 - 00002463 _____ () C:\Users\Windows7\Desktop\AdwCleaner[S0].txt
2015-04-18 15:42 - 2015-04-18 15:57 - 00000000 ____D () C:\AdwCleaner
2015-04-18 15:39 - 2015-04-18 15:40 - 02217984 _____ () C:\Users\Windows7\Downloads\AdwCleaner_4.201.exe
2015-04-18 15:39 - 2015-04-18 15:39 - 00001430 _____ () C:\Users\Windows7\Desktop\MBAM.txt
2015-04-18 15:37 - 2015-04-18 15:37 - 00000000 ___HD () C:\OneDriveTemp
2015-04-18 15:07 - 2015-04-18 15:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 15:07 - 2015-04-18 15:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-18 15:07 - 2015-04-18 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-18 15:06 - 2015-04-18 15:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-18 15:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-18 15:06 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-18 15:06 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-18 15:05 - 2015-04-18 15:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Windows7\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-17 15:07 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-17 15:06 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-17 15:06 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-17 14:52 - 2015-04-17 14:52 - 00024307 _____ () C:\ComboFix.txt
2015-04-17 14:42 - 2015-04-17 14:52 - 00000000 ____D () C:\Qoobox
2015-04-17 14:42 - 2015-04-17 14:51 - 00000000 ____D () C:\Windows\erdnt
2015-04-17 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-17 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-17 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-17 14:34 - 2015-04-17 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-17 14:33 - 2015-04-17 14:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Windows7\Downloads\revosetup95.exe
2015-04-16 23:55 - 2015-04-16 23:56 - 06420600 _____ (Tim Kosse) C:\Users\Windows7\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-04-16 23:55 - 2015-04-16 23:55 - 06208736 _____ (Tim Kosse) C:\Users\Windows7\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-04-16 23:54 - 2015-04-16 23:54 - 01645954 _____ () C:\Users\Windows7\Downloads\the Code.zip
2015-04-16 17:32 - 2015-04-16 17:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 17:31 - 2015-04-16 17:31 - 00561576 _____ (Oracle Corporation) C:\Users\Windows7\Downloads\jxpiinstall.exe
2015-04-16 17:31 - 2015-04-16 17:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 14:31 - 2015-04-16 14:31 - 00380416 _____ () C:\Users\Windows7\Downloads\minxxoh8.exe
2015-04-16 14:28 - 2015-04-18 16:08 - 02098176 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64.exe
2015-04-16 14:28 - 2015-04-18 16:08 - 00000000 ____D () C:\FRST
2015-04-16 14:28 - 2015-04-16 14:28 - 00000000 _____ () C:\Users\Windows7\defogger_reenable
2015-04-16 14:27 - 2015-04-16 14:27 - 00050477 _____ () C:\Users\Windows7\Downloads\Defogger.exe
2015-04-16 00:46 - 2015-04-16 00:46 - 00002744 _____ () C:\Windows\System32\Tasks\Core Temp Autostart Windows7
2015-04-15 16:12 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 16:12 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:12 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:12 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:12 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:12 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:12 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:12 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:12 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:12 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:12 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:12 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:12 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:12 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 16:12 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:12 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:12 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:12 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 16:12 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:12 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:12 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:12 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:12 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:12 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:12 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:12 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:12 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:12 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:12 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 16:12 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 16:12 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 16:12 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 16:12 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 16:12 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 16:12 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 16:12 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 16:12 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 16:12 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 16:12 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 16:12 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 16:12 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 16:12 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 16:12 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 16:12 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 16:12 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 16:12 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 16:12 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 16:12 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 16:12 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 16:12 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 16:12 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 16:12 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 16:12 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 16:12 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 16:12 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 16:12 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 16:12 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 16:12 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 16:12 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 16:12 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 16:12 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 16:12 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 16:12 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 16:12 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 16:12 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 16:12 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 16:12 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 16:12 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 16:12 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 16:12 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 16:12 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 16:12 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 16:12 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 16:12 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 16:12 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 16:12 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 16:12 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 16:12 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 16:12 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 16:12 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 16:12 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 16:12 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 16:12 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 16:12 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 16:12 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 16:12 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 16:12 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:12 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:12 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 16:12 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 16:12 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:12 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:12 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 16:12 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:54 - 2015-04-14 22:54 - 00000000 ____D () C:\Users\Windows7\AppData\Local\openvr
2015-04-12 02:27 - 2015-04-12 02:28 - 92307608 _____ () C:\Users\Windows7\Downloads\Video 12-04-2015 02-18-44.mp4
2015-04-11 20:33 - 2015-04-11 20:33 - 00080716 _____ () C:\Users\Windows7\AppData\Local\recently-used.xbel
2015-04-08 19:58 - 2015-04-08 19:58 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Sony Creative Software Inc
2015-04-07 15:39 - 2015-04-07 15:39 - 00629890 _____ () C:\Users\Windows7\Downloads\themes.7z
2015-04-07 15:36 - 2014-06-13 20:05 - 00000344 _____ () C:\Users\Windows7\Downloads\Readme.txt
2015-04-05 15:26 - 2015-04-05 15:26 - 02802944 _____ () C:\Users\Windows7\Downloads\mp3tagv269setup.exe
2015-04-05 00:52 - 2015-04-05 00:52 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:52 - 2015-04-05 00:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 07:08 - 2015-04-04 07:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 00:01 - 2015-04-02 00:01 - 00000000 ____D () C:\Users\Windows7\AppData\Local\Urban Trial Freestyle
2015-04-01 15:39 - 2015-04-01 15:39 - 00000253 _____ () C:\Users\Windows7\Downloads\offset_tiles_pattern_for_gimp_by_monsoonami.pat
2015-03-31 03:29 - 2015-04-04 12:14 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\dvdcss
2015-03-30 06:39 - 2015-03-30 06:40 - 00322496 _____ () C:\Windows\Minidump\033015-19624-01.dmp
2015-03-30 04:24 - 2015-04-15 16:40 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\vlc
2015-03-29 21:56 - 2015-03-29 22:00 - 00000000 ____D () C:\Users\Windows7\Documents\Camtasia Studio
2015-03-29 21:56 - 2015-03-29 21:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\TechSmith
2015-03-29 21:56 - 2015-03-29 21:56 - 00000000 ____D () C:\Users\Windows7\AppData\Local\TechSmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000895 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-29 21:54 - 2015-03-29 21:54 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-29 21:51 - 2015-03-29 21:53 - 259562296 _____ () C:\Users\Windows7\Downloads\camtasia.exe
2015-03-28 17:45 - 2015-03-28 17:45 - 00000779 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-03-28 17:45 - 2015-03-28 17:45 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\MotioninJoy
2015-03-28 17:45 - 2015-03-28 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-03-28 17:45 - 2011-12-07 20:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-03-28 17:44 - 2015-03-28 17:44 - 04117346 _____ () C:\Users\Windows7\Downloads\motioninjoy-0-7-1001-en-win.zip
2015-03-26 20:29 - 2015-03-26 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015
2015-03-26 18:37 - 2015-03-26 18:37 - 00000000 ____D () C:\ProgramData\Steam
2015-03-26 02:25 - 2015-03-26 02:25 - 00187628 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00 Switch Fix.rar
2015-03-26 02:24 - 2015-03-26 02:25 - 160786918 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part09.rar
2015-03-26 02:21 - 2015-03-26 02:24 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part08.rar
2015-03-26 02:17 - 2015-03-26 02:21 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part07.rar
2015-03-26 02:14 - 2015-03-26 02:17 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part06.rar
2015-03-26 02:10 - 2015-03-26 02:13 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part05.rar
2015-03-26 02:07 - 2015-03-26 02:10 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part04.rar
2015-03-26 02:02 - 2015-03-26 02:06 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part03.rar
2015-03-26 01:59 - 2015-03-26 02:02 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part02.rar
2015-03-26 01:55 - 2015-03-26 01:59 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part01.rar
2015-03-26 01:38 - 2015-03-26 01:38 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Origin
2015-03-26 01:37 - 2015-03-26 01:39 - 00000000 ____D () C:\ProgramData\Origin
2015-03-26 01:36 - 2015-03-26 01:36 - 17111696 _____ (Electronic Arts, Inc.) C:\Users\Windows7\Downloads\OriginThinSetup.exe
2015-03-23 18:02 - 2015-03-23 18:02 - 01799904 _____ () C:\Users\Windows7\Downloads\openvpn-install-2.3.6-I603-x86_64.exe
2015-03-23 18:02 - 2015-03-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-03-23 18:02 - 2015-03-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-03-21 21:23 - 2015-03-21 21:23 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2015-03-21 21:23 - 2015-03-21 21:23 - 00000000 ____D () C:\Users\Windows7\AppData\Local\2K Games
2015-03-21 21:15 - 2015-03-21 21:15 - 00527423 _____ ( ) C:\Users\Windows7\Downloads\Lame_v3.99.3_for_Windows.exe
2015-03-21 21:07 - 2015-04-06 18:06 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Audacity
2015-03-21 21:07 - 2015-03-21 21:07 - 22892794 _____ (Audacity Team ) C:\Users\Windows7\Downloads\audacity-win-2.0.6.exe
2015-03-21 21:07 - 2015-03-21 21:07 - 00000712 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-03-21 21:07 - 2015-03-21 21:07 - 00000712 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-21 20:51 - 2015-03-21 20:51 - 00000016 ____H () C:\Users\Windows7\Documents\mxfilerelatedcache.mxc2
2015-03-21 20:35 - 2015-03-21 20:35 - 03032920 _____ (MAGIX Software GmbH) C:\Users\Windows7\Downloads\trial_musicmaker2015_dlm.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 16:05 - 2014-10-18 13:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 16:05 - 2014-10-14 18:47 - 00000000 ___RD () C:\Users\Windows7\OneDrive
2015-04-18 16:05 - 2009-07-14 06:45 - 00026800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 16:05 - 2009-07-14 06:45 - 00026800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 16:04 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-04-18 16:04 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-04-18 16:04 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-18 16:02 - 2014-09-08 15:26 - 01199881 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 15:58 - 2014-10-27 17:32 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC
2015-04-18 15:58 - 2011-06-07 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-18 15:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 15:58 - 2009-07-14 06:51 - 00096984 _____ () C:\Windows\setupact.log
2015-04-18 15:36 - 2014-09-08 17:42 - 00601548 _____ () C:\Windows\PFRO.log
2015-04-18 15:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-18 15:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 15:27 - 2014-09-08 15:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 20:09 - 2014-10-18 13:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 17:16 - 2014-09-29 18:31 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\.minecraft
2015-04-17 15:09 - 2015-03-18 18:05 - 00000000 ____D () C:\Users\Windows7\AppData\Local\CrashDumps
2015-04-17 15:08 - 2014-09-17 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-17 15:08 - 2011-06-07 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-17 15:07 - 2011-06-07 15:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-17 14:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-17 14:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-17 01:43 - 2014-09-22 16:53 - 00000000 ____D () C:\Users\Windows7\Documents\Movie Studio Platinum 12.0 Projects
2015-04-17 01:37 - 2015-02-22 15:05 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\FileZilla
2015-04-16 23:56 - 2015-02-22 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-16 17:32 - 2014-09-29 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 14:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-16 14:42 - 2014-10-01 16:02 - 00000000 ____D () C:\Users\Windows7\Desktop\puush screenshots
2015-04-16 14:41 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-16 14:28 - 2014-09-08 15:26 - 00000000 ____D () C:\Users\Windows7
2015-04-16 14:10 - 2011-06-07 15:35 - 00000000 ____D () C:\Windows\Panther
2015-04-16 01:16 - 2015-03-09 16:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\OBS
2015-04-16 00:39 - 2014-09-08 16:44 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-16 00:39 - 2014-09-08 16:44 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-16 00:39 - 2014-09-08 15:27 - 00001425 _____ () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 20:53 - 2014-12-11 19:37 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:53 - 2014-09-08 16:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 18:00 - 2014-09-08 20:46 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 17:59 - 2014-09-08 16:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 17:57 - 2014-09-08 16:29 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 19:27 - 2014-09-08 15:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 19:27 - 2014-09-08 15:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 19:27 - 2014-09-08 15:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 18:57 - 2014-12-19 17:21 - 00000940 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-04-11 23:39 - 2014-09-20 21:02 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\TS3Client
2015-04-11 21:00 - 2014-09-20 20:54 - 00000000 ____D () C:\Users\Windows7\.gimp-2.8
2015-04-11 20:33 - 2014-10-02 17:38 - 00000000 ____D () C:\Users\Windows7\AppData\Local\gtk-2.0
2015-04-11 20:10 - 2014-10-02 17:34 - 00000000 ____D () C:\Users\Windows7\.thumbnails
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 02:58 - 2011-06-07 15:02 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2011-06-07 15:03 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2011-06-07 15:03 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2014-09-17 19:48 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-08 19:22 - 2014-10-15 20:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Mp3tag
2015-04-07 17:18 - 2014-09-20 20:54 - 00000626 _____ () C:\Users\Windows7\Desktop\music.lnk
2015-04-07 16:57 - 2015-01-18 02:57 - 00000000 ____D () C:\Users\Windows7\Desktop\games
2015-04-05 15:27 - 2014-09-20 20:47 - 00000692 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-04-05 14:54 - 2014-09-08 16:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 13:11 - 2014-11-15 23:05 - 00000000 ____D () C:\Users\Windows7\Documents\Telltale Games
2015-04-02 08:57 - 2014-10-19 16:08 - 00001768 _____ () C:\Windows\SecuniaPackage.log
2015-04-01 09:36 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Avira
2015-04-01 09:35 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Avira
2015-04-01 09:29 - 2009-07-14 06:45 - 05977264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-01 01:52 - 2014-09-08 15:50 - 00420960 _____ () C:\Users\Windows7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-31 08:18 - 2015-02-18 12:44 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-30 06:39 - 2015-01-21 17:26 - 623105246 _____ () C:\Windows\MEMORY.DMP
2015-03-30 06:39 - 2015-01-21 17:26 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 21:31 - 2015-02-02 19:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-28 21:05 - 2014-10-21 14:15 - 00000000 ____D () C:\Users\Windows7\Desktop\uni
2015-03-27 19:05 - 2014-12-25 19:39 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-26 01:23 - 2015-03-11 19:39 - 00000000 ____D () C:\Users\Windows7\AppData\Local\ftblauncher
2015-03-23 18:02 - 2015-02-27 16:30 - 00000766 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-03-21 21:23 - 2014-09-23 22:56 - 00526951 _____ () C:\Windows\DirectX.log
2015-03-21 21:06 - 2014-12-13 23:30 - 00000000 ___RD () C:\Users\Windows7\Documents\MAGIX
2015-03-21 21:05 - 2014-12-13 23:31 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-03-21 20:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 20:50 - 2014-12-13 23:18 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\MAGIX
2015-03-21 20:48 - 2014-12-13 23:29 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-20 17:59 - 2014-10-21 14:49 - 00000000 ____D () C:\Users\Windows7\AppData\Local\Adobe
==================== Files in the root of some directories =======
2015-04-11 20:33 - 2015-04-11 20:33 - 0080716 _____ () C:\Users\Windows7\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\avgnt.exe
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Windows7\AppData\Local\Temp\nvStInst.exe
C:\Users\Windows7\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows7\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-18 15:25
==================== End Of Log ============================
Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by Windows7 at 2015-04-18 16:09:19
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.24.3 - Mirillis)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Fahrenheit: Indigo Prophecy Remastered (HKLM-x32\...\Steam App 312840) (Version: - Aspyr)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue VideoFX for Sony Vegas MSPPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)
NVIDIA 3D Vision Controller-Treiber 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Oddworld: Abe's Exoddus (HKLM-x32\...\Steam App 15710) (Version: - Oddworld Inhabitants)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.01) (Version: 1.01 - Pesgalaxy)
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 4.00) (Version: 4.00 - Pesgalaxy)
Pesgalaxy.com Patch 2015 DLC Installer (HKLM-x32\...\Pesgalaxy.com Patch 2015 DLC Installer 4.00) (Version: 4.00 - Pesgalaxy)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Pro Evolution Soccer 2015 (HKLM-x32\...\Steam App 287680) (Version: - KONAMI Digital Entertainment)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Urban Trial Freestyle (HKLM-x32\...\Steam App 243450) (Version: - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Windows7\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
05-04-2015 00:51:47 Windows Update
12-04-2015 18:10:22 Geplanter Prüfpunkt
15-04-2015 17:55:24 Windows Update
17-04-2015 14:35:14 Revo Uninstaller's restore point - Rocket League Alpha [Currently Closed]
17-04-2015 15:08:16 NVIDIA PhysX wird entfernt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-04-17 14:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C3FCF68-7242-4D96-A12C-C53926DE2B6A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {1D8C2AF7-0830-43B1-A579-B242B8A4A4E3} - System32\Tasks\{FD1ACF09-7381-4C15-9968-DD8C350A2142} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {37BF58C2-1004-4D87-BDCF-25501A341814} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F5E5660-70CC-4544-8CC3-DC02B10F8208} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {640C9B73-B68E-4CD0-B6F5-D9F4BE8AAC03} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {680B3F20-6D1B-4BB4-B36E-1325625F7641} - System32\Tasks\Core Temp Autostart Windows7 => d:\Program Files\Core Temp\Core Temp.exe
Task: {6BF665B7-A047-411A-AF35-9D6888CBAB33} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {8CFAB49F-E174-48E0-809F-8C131053210C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A86D113B-2F3E-4E5E-ADF7-DBD739741887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {AB0378E4-CE9E-4795-8103-2039413053BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {AF6CA53F-CCE2-4A36-9B7A-D3F751D683CD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B44EC09B-E917-4AF4-8DB4-F4E33B219968} - System32\Tasks\{B8E52995-44C7-49C9-9B59-6DE8F06E2752} => pcalua.exe -a C:\Users\Windows7\Downloads\forge-1.7.10-10.13.1.1217-installer-win.exe -d C:\Users\Windows7\Downloads
Task: {B744EF2A-8A66-4244-9217-D761A9686455} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BCE26F42-4864-4CCC-A1B9-7BD8F69CA7F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CE529D47-63FC-4514-BC02-7F2128F75E66} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FB3171A3-2C02-47C1-A941-CE846290DD01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () d:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-14 18:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3076697788-3242137600-3789678494-500 - Administrator - Disabled)
Gast (S-1-5-21-3076697788-3242137600-3789678494-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3076697788-3242137600-3789678494-1003 - Limited - Enabled)
Windows7 (S-1-5-21-3076697788-3242137600-3789678494-1001 - Administrator - Enabled) => C:\Users\Windows7
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/17/2015 03:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GFExperience.exe, Version: 15.3.33.0, Zeitstempel: 0x53d235eb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b485
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xGFExperience.exe0
Pfad der fehlerhaften Anwendung: GFExperience.exe1
Pfad des fehlerhaften Moduls: GFExperience.exe2
Berichtskennung: GFExperience.exe3
Error: (04/17/2015 03:09:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei GFEClient.Model.Update.UpdateInstaller+<>c__DisplayClassa.<BuildProcInfo>b__8(System.Object, System.EventArgs)
bei System.Diagnostics.Process.OnExited()
bei System.Diagnostics.Process.RaiseOnExited()
bei System.Diagnostics.Process.CompletionCallback(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
Error: (04/17/2015 02:51:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x726f7461
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/16/2015 02:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/09/2015 01:32:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xeeffee01
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/08/2015 03:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/07/2015 02:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xeeffee01
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/06/2015 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm audacity.exe, Version 2.0.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bf4
Startzeit: 01d070828983cfb2
Endzeit: 2
Anwendungspfad: D:\Program Files (x86)\Audacity\audacity.exe
Berichts-ID: fb770b45-dc75-11e4-8640-448a5b88d092
Error: (04/06/2015 02:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Exoddus.exe, Version: 2.0.0.0, Zeitstempel: 0x365b37bb
Name des fehlerhaften Moduls: Exoddus.exe, Version: 2.0.0.0, Zeitstempel: 0x365b37bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000745ff
ID des fehlerhaften Prozesses: 0xa50
Startzeit der fehlerhaften Anwendung: 0xExoddus.exe0
Pfad der fehlerhaften Anwendung: Exoddus.exe1
Pfad des fehlerhaften Moduls: Exoddus.exe2
Berichtskennung: Exoddus.exe3
Error: (04/06/2015 01:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x8ec
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
System errors:
=============
Error: (04/18/2015 04:05:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (04/17/2015 03:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GFExperience.exe15.3.33.053d235ebKERNELBASE.dll6.1.7601.187985507b485e04343520000c42defc01d0790f1cd8ef63C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\Windows\syswow64\KERNELBASE.dllf053417c-e502-11e4-8534-448a5b88d092
Error: (04/17/2015 03:09:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei GFEClient.Model.Update.UpdateInstaller+<>c__DisplayClassa.<BuildProcInfo>b__8(System.Object, System.EventArgs)
bei System.Diagnostics.Process.OnExited()
bei System.Diagnostics.Process.RaiseOnExited()
bei System.Diagnostics.Process.CompletionCallback(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
Error: (04/17/2015 02:51:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005726f746188c01d0790ccdfc0cbaC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown7ad584b9-e500-11e4-8584-448a5b88d092
Error: (04/16/2015 02:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353489c01d0783e6c585f53C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe620ba003-e432-11e4-86c9-448a5b88d092
Error: (04/09/2015 01:32:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0191c01d072b827e09a8dC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown14948961-deac-11e4-b480-448a5b88d092
Error: (04/08/2015 03:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353494001d071fc348a4c2aC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe34ef414c-ddf0-11e4-8955-448a5b88d092
Error: (04/07/2015 02:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0195801d0712ec0fdd930C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownaaed96cb-dd22-11e4-8e35-448a5b88d092
Error: (04/06/2015 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: audacity.exe2.0.6.0bf401d070828983cfb22D:\Program Files (x86)\Audacity\audacity.exefb770b45-dc75-11e4-8640-448a5b88d092
Error: (04/06/2015 02:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Exoddus.exe2.0.0.0365b37bbExoddus.exe2.0.0.0365b37bbc0000005000745ffa5001d0705c8001d85ad:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exed:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe6f6bc9ed-dc59-11e4-8640-448a5b88d092
Error: (04/06/2015 01:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005000000008ec01d0705a04ef30c4C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownf9f2814d-dc4d-11e4-8640-448a5b88d092
CodeIntegrity Errors:
===================================
Date: 2015-04-17 14:47:03.832
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-04-17 14:47:03.800
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 8140.43 MB
Available physical RAM: 6308.24 MB
Total Pagefile: 16279.05 MB
Available Pagefile: 14223.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.87 GB) (Free:204.25 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:534.39 GB) NTFS
Drive e: (SS9-0E-UT1.2_DES) (CDROM) (Total:6.39 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:931.51 GB) (Free:675.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 89075DDC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C5DE631)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
19.04.2015, 07:18
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: BoBrowser Rückstände entfernenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.04.2015, 17:12
| #9 |
| | Windows 7: BoBrowser Rückstände entfernen Hallo Schrauber, soweit kann ich nichts weiteres negatives feststellen, außer dass ich Java eigentlich vor ein paar Tagen aktualisiert habe. Ich weiß jetzt nicht wo das "out of date" hierfür herkommt. Hier die neuen Logs: ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=54f89c44e81d6c4bb23fb72d30f8b5f6
# engine=23456
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-19 03:59:57
# local_time=2015-04-19 05:59:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19255398 181089047 0 0
# scanned=231009
# found=0
# cleaned=0
# scan_time=6966
SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.10004)
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.1)
Google Chrome (41.0.2272.118)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Windows7 (administrator) on WINDOWS7-PC on 19-04-2015 18:07:37
Running from C:\Users\Windows7\Downloads
Loaded Profiles: Windows7 (Available profiles: Windows7)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Run: [Xvid] => D:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Run: [OneDrive] => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default
FF Homepage: hxxp://psyonix.com/forum/viewforum.php?f=33&sid=dcbf5fb5c07e6efca6fe97e98b161b34
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Segurança do navegador Avira - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\abs@avira.com [2015-04-01]
FF Extension: MEGA - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\firefox@mega.co.nz.xpi [2015-01-11]
FF Extension: No Name - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-09-08]
FF Extension: Adblock Plus - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-08]
FF HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\hjuc0e1m.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Keep Awake) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijihlabcfdnabacffofojgmehjdielb [2014-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-19]
CHR Extension: (Google Search) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Gmail) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 OpenVPNService; d:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-11] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-19 18:07 - 2015-04-19 18:08 - 00016152 _____ () C:\Users\Windows7\Downloads\FRST.txt
2015-04-19 18:07 - 2015-04-19 18:07 - 00000880 _____ () C:\Users\Windows7\Desktop\checkup.txt
2015-04-19 02:43 - 2015-04-19 02:43 - 10036573 _____ () C:\Users\Windows7\Downloads\Famiy Intro 1.mp4
2015-04-19 02:19 - 2015-04-19 02:19 - 01136453 _____ () C:\Users\Windows7\Desktop\test_ier.wma
2015-04-18 16:08 - 2015-04-18 16:08 - 00000000 ____D () C:\Users\Windows7\Downloads\FRST-OlderVersion
2015-04-18 16:04 - 2015-04-18 16:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WINDOWS7-PC-Windows-7-Professional-(64-bit).dat
2015-04-18 16:04 - 2015-04-18 16:04 - 00000000 ____D () C:\RegBackup
2015-04-18 16:03 - 2015-04-18 16:04 - 02686254 _____ (Thisisu) C:\Users\Windows7\Downloads\JRT.exe
2015-04-18 15:39 - 2015-04-18 15:40 - 02217984 _____ () C:\Users\Windows7\Downloads\AdwCleaner_4.201.exe
2015-04-18 15:37 - 2015-04-18 15:37 - 00000000 ___HD () C:\OneDriveTemp
2015-04-18 15:07 - 2015-04-18 15:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 15:07 - 2015-04-18 15:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-18 15:07 - 2015-04-18 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-18 15:06 - 2015-04-18 15:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-18 15:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-18 15:06 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-18 15:06 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-18 15:05 - 2015-04-18 15:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Windows7\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-17 15:07 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-17 15:06 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-17 15:06 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-17 15:06 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-17 14:52 - 2015-04-17 14:52 - 00024307 _____ () C:\ComboFix.txt
2015-04-17 14:42 - 2015-04-17 14:52 - 00000000 ____D () C:\Qoobox
2015-04-17 14:42 - 2015-04-17 14:51 - 00000000 ____D () C:\Windows\erdnt
2015-04-17 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-17 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-17 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-17 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-17 14:34 - 2015-04-17 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-17 14:33 - 2015-04-17 14:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Windows7\Downloads\revosetup95.exe
2015-04-16 23:55 - 2015-04-16 23:56 - 06420600 _____ (Tim Kosse) C:\Users\Windows7\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-04-16 23:55 - 2015-04-16 23:55 - 06208736 _____ (Tim Kosse) C:\Users\Windows7\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-04-16 23:54 - 2015-04-16 23:54 - 01645954 _____ () C:\Users\Windows7\Downloads\the Code.zip
2015-04-16 17:32 - 2015-04-16 17:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 17:31 - 2015-04-16 17:31 - 00561576 _____ (Oracle Corporation) C:\Users\Windows7\Downloads\jxpiinstall.exe
2015-04-16 17:31 - 2015-04-16 17:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 14:31 - 2015-04-16 14:31 - 00380416 _____ () C:\Users\Windows7\Downloads\minxxoh8.exe
2015-04-16 14:28 - 2015-04-19 18:07 - 00000000 ____D () C:\FRST
2015-04-16 14:28 - 2015-04-18 16:08 - 02098176 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64.exe
2015-04-16 14:28 - 2015-04-16 14:28 - 00000000 _____ () C:\Users\Windows7\defogger_reenable
2015-04-16 14:27 - 2015-04-16 14:27 - 00050477 _____ () C:\Users\Windows7\Downloads\Defogger.exe
2015-04-16 00:46 - 2015-04-16 00:46 - 00002744 _____ () C:\Windows\System32\Tasks\Core Temp Autostart Windows7
2015-04-15 16:12 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 16:12 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 16:12 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:12 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:12 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:12 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:12 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:12 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:12 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:12 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 16:12 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:12 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:12 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:12 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:12 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:12 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 16:12 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:12 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 16:12 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 16:12 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:12 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:12 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:12 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 16:12 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:12 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:12 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:12 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 16:12 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:12 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:12 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 16:12 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:12 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:12 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:12 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:12 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:12 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:12 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 16:12 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 16:12 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 16:12 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 16:12 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 16:12 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 16:12 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 16:12 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 16:12 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 16:12 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 16:12 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 16:12 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 16:12 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 16:12 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 16:12 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 16:12 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 16:12 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 16:12 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 16:12 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 16:12 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 16:12 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 16:12 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 16:12 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 16:12 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 16:12 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 16:12 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 16:12 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 16:12 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 16:12 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 16:12 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 16:12 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 16:12 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 16:12 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 16:12 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 16:12 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 16:12 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 16:12 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 16:12 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 16:12 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 16:12 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 16:12 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 16:12 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 16:12 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 16:12 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 16:12 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 16:12 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 16:12 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 16:12 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 16:12 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 16:12 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 16:12 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 16:12 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 16:12 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 16:12 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 16:12 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 16:12 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 16:12 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 16:12 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 16:12 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:12 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:12 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 16:12 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 16:12 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:12 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:12 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 16:12 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:54 - 2015-04-14 22:54 - 00000000 ____D () C:\Users\Windows7\AppData\Local\openvr
2015-04-12 02:27 - 2015-04-12 02:28 - 92307608 _____ () C:\Users\Windows7\Downloads\Video 12-04-2015 02-18-44.mp4
2015-04-11 20:33 - 2015-04-11 20:33 - 00080716 _____ () C:\Users\Windows7\AppData\Local\recently-used.xbel
2015-04-08 19:58 - 2015-04-08 19:58 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Sony Creative Software Inc
2015-04-07 15:39 - 2015-04-07 15:39 - 00629890 _____ () C:\Users\Windows7\Downloads\themes.7z
2015-04-07 15:36 - 2014-06-13 20:05 - 00000344 _____ () C:\Users\Windows7\Downloads\Readme.txt
2015-04-05 15:26 - 2015-04-05 15:26 - 02802944 _____ () C:\Users\Windows7\Downloads\mp3tagv269setup.exe
2015-04-05 00:52 - 2015-04-05 00:52 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:52 - 2015-04-05 00:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 07:08 - 2015-04-04 07:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 00:01 - 2015-04-02 00:01 - 00000000 ____D () C:\Users\Windows7\AppData\Local\Urban Trial Freestyle
2015-04-01 15:39 - 2015-04-01 15:39 - 00000253 _____ () C:\Users\Windows7\Downloads\offset_tiles_pattern_for_gimp_by_monsoonami.pat
2015-03-31 03:29 - 2015-04-04 12:14 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\dvdcss
2015-03-30 06:39 - 2015-03-30 06:40 - 00322496 _____ () C:\Windows\Minidump\033015-19624-01.dmp
2015-03-30 04:24 - 2015-04-15 16:40 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\vlc
2015-03-29 21:56 - 2015-03-29 22:00 - 00000000 ____D () C:\Users\Windows7\Documents\Camtasia Studio
2015-03-29 21:56 - 2015-03-29 21:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\TechSmith
2015-03-29 21:56 - 2015-03-29 21:56 - 00000000 ____D () C:\Users\Windows7\AppData\Local\TechSmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000895 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-29 21:55 - 2015-03-29 21:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-29 21:54 - 2015-03-29 21:54 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-29 21:51 - 2015-03-29 21:53 - 259562296 _____ () C:\Users\Windows7\Downloads\camtasia.exe
2015-03-28 17:45 - 2015-03-28 17:45 - 00000779 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-03-28 17:45 - 2015-03-28 17:45 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\MotioninJoy
2015-03-28 17:45 - 2015-03-28 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-03-28 17:45 - 2011-12-07 20:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-03-28 17:44 - 2015-03-28 17:44 - 04117346 _____ () C:\Users\Windows7\Downloads\motioninjoy-0-7-1001-en-win.zip
2015-03-26 20:29 - 2015-03-26 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015
2015-03-26 18:37 - 2015-03-26 18:37 - 00000000 ____D () C:\ProgramData\Steam
2015-03-26 02:25 - 2015-03-26 02:25 - 00187628 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00 Switch Fix.rar
2015-03-26 02:24 - 2015-03-26 02:25 - 160786918 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part09.rar
2015-03-26 02:21 - 2015-03-26 02:24 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part08.rar
2015-03-26 02:17 - 2015-03-26 02:21 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part07.rar
2015-03-26 02:14 - 2015-03-26 02:17 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part06.rar
2015-03-26 02:10 - 2015-03-26 02:13 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part05.rar
2015-03-26 02:07 - 2015-03-26 02:10 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part04.rar
2015-03-26 02:02 - 2015-03-26 02:06 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part03.rar
2015-03-26 01:59 - 2015-03-26 02:02 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part02.rar
2015-03-26 01:55 - 2015-03-26 01:59 - 524288000 _____ () C:\Users\Windows7\Downloads\Pesgalaxy.com Patch 2015 4.00.part01.rar
2015-03-26 01:38 - 2015-03-26 01:38 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Origin
2015-03-26 01:37 - 2015-03-26 01:39 - 00000000 ____D () C:\ProgramData\Origin
2015-03-26 01:36 - 2015-03-26 01:36 - 17111696 _____ (Electronic Arts, Inc.) C:\Users\Windows7\Downloads\OriginThinSetup.exe
2015-03-23 18:02 - 2015-03-23 18:02 - 01799904 _____ () C:\Users\Windows7\Downloads\openvpn-install-2.3.6-I603-x86_64.exe
2015-03-23 18:02 - 2015-03-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-03-23 18:02 - 2015-03-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-03-21 21:23 - 2015-03-21 21:23 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2015-03-21 21:23 - 2015-03-21 21:23 - 00000000 ____D () C:\Users\Windows7\AppData\Local\2K Games
2015-03-21 21:15 - 2015-03-21 21:15 - 00527423 _____ ( ) C:\Users\Windows7\Downloads\Lame_v3.99.3_for_Windows.exe
2015-03-21 21:07 - 2015-04-19 02:13 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Audacity
2015-03-21 21:07 - 2015-03-21 21:07 - 22892794 _____ (Audacity Team ) C:\Users\Windows7\Downloads\audacity-win-2.0.6.exe
2015-03-21 21:07 - 2015-03-21 21:07 - 00000712 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-03-21 21:07 - 2015-03-21 21:07 - 00000712 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-21 20:51 - 2015-03-21 20:51 - 00000016 ____H () C:\Users\Windows7\Documents\mxfilerelatedcache.mxc2
2015-03-21 20:35 - 2015-03-21 20:35 - 03032920 _____ (MAGIX Software GmbH) C:\Users\Windows7\Downloads\trial_musicmaker2015_dlm.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-19 17:27 - 2014-09-08 15:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 17:13 - 2014-10-18 13:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 15:50 - 2014-10-27 17:32 - 00005158 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC
2015-04-19 15:36 - 2009-07-14 06:45 - 00026800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 15:36 - 2009-07-14 06:45 - 00026800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 15:34 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-04-19 15:34 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-04-19 15:34 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 15:32 - 2014-09-08 15:26 - 01227023 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 15:28 - 2014-10-14 18:47 - 00000000 ___RD () C:\Users\Windows7\OneDrive
2015-04-19 15:28 - 2011-06-07 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-19 15:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 15:28 - 2009-07-14 06:51 - 00097152 _____ () C:\Windows\setupact.log
2015-04-18 21:13 - 2014-10-01 16:02 - 00000000 ____D () C:\Users\Windows7\Desktop\puush screenshots
2015-04-18 15:36 - 2014-09-08 17:42 - 00601548 _____ () C:\Windows\PFRO.log
2015-04-18 15:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-18 15:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 20:09 - 2014-10-18 13:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 17:16 - 2014-09-29 18:31 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\.minecraft
2015-04-17 15:09 - 2015-03-18 18:05 - 00000000 ____D () C:\Users\Windows7\AppData\Local\CrashDumps
2015-04-17 15:08 - 2014-09-17 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-17 15:08 - 2011-06-07 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-17 15:07 - 2011-06-07 15:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-17 14:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-17 14:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-17 01:43 - 2014-09-22 16:53 - 00000000 ____D () C:\Users\Windows7\Documents\Movie Studio Platinum 12.0 Projects
2015-04-17 01:37 - 2015-02-22 15:05 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\FileZilla
2015-04-16 23:56 - 2015-02-22 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-16 17:32 - 2014-09-29 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 14:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-16 14:41 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-16 14:28 - 2014-09-08 15:26 - 00000000 ____D () C:\Users\Windows7
2015-04-16 14:10 - 2011-06-07 15:35 - 00000000 ____D () C:\Windows\Panther
2015-04-16 01:16 - 2015-03-09 16:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\OBS
2015-04-16 00:39 - 2014-09-08 16:44 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-16 00:39 - 2014-09-08 16:44 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-16 00:39 - 2014-09-08 15:27 - 00001425 _____ () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 20:53 - 2014-12-11 19:37 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:53 - 2014-09-08 16:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 18:00 - 2014-09-08 20:46 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 17:59 - 2014-09-08 16:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 17:57 - 2014-09-08 16:29 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 19:27 - 2014-09-08 15:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 19:27 - 2014-09-08 15:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 19:27 - 2014-09-08 15:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 18:57 - 2014-12-19 17:21 - 00000940 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-04-11 23:39 - 2014-09-20 21:02 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\TS3Client
2015-04-11 21:00 - 2014-09-20 20:54 - 00000000 ____D () C:\Users\Windows7\.gimp-2.8
2015-04-11 20:33 - 2014-10-02 17:38 - 00000000 ____D () C:\Users\Windows7\AppData\Local\gtk-2.0
2015-04-11 20:10 - 2014-10-02 17:34 - 00000000 ____D () C:\Users\Windows7\.thumbnails
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 13:28 - 2014-09-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 02:58 - 2011-06-07 15:02 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2011-06-07 15:02 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2011-06-07 15:03 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2011-06-07 15:03 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2011-06-07 15:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2014-09-17 19:48 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-08 19:22 - 2014-10-15 20:56 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Mp3tag
2015-04-07 17:18 - 2014-09-20 20:54 - 00000626 _____ () C:\Users\Windows7\Desktop\music.lnk
2015-04-07 16:57 - 2015-01-18 02:57 - 00000000 ____D () C:\Users\Windows7\Desktop\games
2015-04-05 15:27 - 2014-09-20 20:47 - 00000692 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-04-05 14:54 - 2014-09-08 16:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 13:11 - 2014-11-15 23:05 - 00000000 ____D () C:\Users\Windows7\Documents\Telltale Games
2015-04-02 08:57 - 2014-10-19 16:08 - 00001768 _____ () C:\Windows\SecuniaPackage.log
2015-04-01 09:36 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Avira
2015-04-01 09:35 - 2014-09-08 16:46 - 00000000 ____D () C:\ProgramData\Avira
2015-04-01 09:29 - 2009-07-14 06:45 - 05977264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-01 01:52 - 2014-09-08 15:50 - 00420960 _____ () C:\Users\Windows7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-31 08:18 - 2015-02-18 12:44 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-30 06:39 - 2015-01-21 17:26 - 623105246 _____ () C:\Windows\MEMORY.DMP
2015-03-30 06:39 - 2015-01-21 17:26 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 21:31 - 2015-02-02 19:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-28 21:05 - 2014-10-21 14:15 - 00000000 ____D () C:\Users\Windows7\Desktop\uni
2015-03-27 19:05 - 2014-12-25 19:39 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-26 01:23 - 2015-03-11 19:39 - 00000000 ____D () C:\Users\Windows7\AppData\Local\ftblauncher
2015-03-23 18:02 - 2015-02-27 16:30 - 00000766 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-03-21 21:23 - 2014-09-23 22:56 - 00526951 _____ () C:\Windows\DirectX.log
2015-03-21 21:06 - 2014-12-13 23:30 - 00000000 ___RD () C:\Users\Windows7\Documents\MAGIX
2015-03-21 21:05 - 2014-12-13 23:31 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-03-21 20:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 20:50 - 2014-12-13 23:18 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\MAGIX
2015-03-21 20:48 - 2014-12-13 23:29 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-20 17:59 - 2014-10-21 14:49 - 00000000 ____D () C:\Users\Windows7\AppData\Local\Adobe
==================== Files in the root of some directories =======
2015-04-11 20:33 - 2015-04-11 20:33 - 0080716 _____ () C:\Users\Windows7\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\avgnt.exe
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Windows7\AppData\Local\Temp\nvStInst.exe
C:\Users\Windows7\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows7\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-18 15:25
==================== End Of Log ============================
--- --- --- Additional FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by Windows7 at 2015-04-19 18:08:23
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.24.3 - Mirillis)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Fahrenheit: Indigo Prophecy Remastered (HKLM-x32\...\Steam App 312840) (Version: - Aspyr)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue VideoFX for Sony Vegas MSPPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)
NVIDIA 3D Vision Controller-Treiber 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Oddworld: Abe's Exoddus (HKLM-x32\...\Steam App 15710) (Version: - Oddworld Inhabitants)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.01) (Version: 1.01 - Pesgalaxy)
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 4.00) (Version: 4.00 - Pesgalaxy)
Pesgalaxy.com Patch 2015 DLC Installer (HKLM-x32\...\Pesgalaxy.com Patch 2015 DLC Installer 4.00) (Version: 4.00 - Pesgalaxy)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Pro Evolution Soccer 2015 (HKLM-x32\...\Steam App 287680) (Version: - KONAMI Digital Entertainment)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Urban Trial Freestyle (HKLM-x32\...\Steam App 243450) (Version: - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Windows7\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
05-04-2015 00:51:47 Windows Update
12-04-2015 18:10:22 Geplanter Prüfpunkt
15-04-2015 17:55:24 Windows Update
17-04-2015 14:35:14 Revo Uninstaller's restore point - Rocket League Alpha [Currently Closed]
17-04-2015 15:08:16 NVIDIA PhysX wird entfernt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-04-17 14:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C3FCF68-7242-4D96-A12C-C53926DE2B6A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {1D8C2AF7-0830-43B1-A579-B242B8A4A4E3} - System32\Tasks\{FD1ACF09-7381-4C15-9968-DD8C350A2142} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {37BF58C2-1004-4D87-BDCF-25501A341814} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F5E5660-70CC-4544-8CC3-DC02B10F8208} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {640C9B73-B68E-4CD0-B6F5-D9F4BE8AAC03} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {680B3F20-6D1B-4BB4-B36E-1325625F7641} - System32\Tasks\Core Temp Autostart Windows7 => d:\Program Files\Core Temp\Core Temp.exe
Task: {6BF665B7-A047-411A-AF35-9D6888CBAB33} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {8CFAB49F-E174-48E0-809F-8C131053210C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A86D113B-2F3E-4E5E-ADF7-DBD739741887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {AB0378E4-CE9E-4795-8103-2039413053BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {AF6CA53F-CCE2-4A36-9B7A-D3F751D683CD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B44EC09B-E917-4AF4-8DB4-F4E33B219968} - System32\Tasks\{B8E52995-44C7-49C9-9B59-6DE8F06E2752} => pcalua.exe -a C:\Users\Windows7\Downloads\forge-1.7.10-10.13.1.1217-installer-win.exe -d C:\Users\Windows7\Downloads
Task: {B744EF2A-8A66-4244-9217-D761A9686455} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BCE26F42-4864-4CCC-A1B9-7BD8F69CA7F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CE529D47-63FC-4514-BC02-7F2128F75E66} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FB3171A3-2C02-47C1-A941-CE846290DD01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-17 19:48 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () d:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-14 18:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-21 17:57 - 2014-11-21 17:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3076697788-3242137600-3789678494-500 - Administrator - Disabled)
Gast (S-1-5-21-3076697788-3242137600-3789678494-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3076697788-3242137600-3789678494-1003 - Limited - Enabled)
Windows7 (S-1-5-21-3076697788-3242137600-3789678494-1001 - Administrator - Enabled) => C:\Users\Windows7
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/19/2015 06:04:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/19/2015 06:02:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/19/2015 03:57:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/19/2015 03:57:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/19/2015 03:57:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/19/2015 03:56:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/19/2015 03:56:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/17/2015 03:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GFExperience.exe, Version: 15.3.33.0, Zeitstempel: 0x53d235eb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b485
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xGFExperience.exe0
Pfad der fehlerhaften Anwendung: GFExperience.exe1
Pfad des fehlerhaften Moduls: GFExperience.exe2
Berichtskennung: GFExperience.exe3
Error: (04/17/2015 03:09:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei GFEClient.Model.Update.UpdateInstaller+<>c__DisplayClassa.<BuildProcInfo>b__8(System.Object, System.EventArgs)
bei System.Diagnostics.Process.OnExited()
bei System.Diagnostics.Process.RaiseOnExited()
bei System.Diagnostics.Process.CompletionCallback(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
Error: (04/17/2015 02:51:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x726f7461
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
System errors:
=============
Error: (04/19/2015 03:45:19 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/18/2015 04:05:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/18/2015 04:05:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (04/19/2015 06:04:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$RECYCLE.BIN\S-1-5-21-3076697788-3242137600-3789678494-1001\$RWXS9DD.exe
Error: (04/19/2015 06:02:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (04/19/2015 03:57:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Windows7\Desktop\esetsmartinstaller_deu.exe
Error: (04/19/2015 03:57:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Windows7\Desktop\esetsmartinstaller_deu.exe
Error: (04/19/2015 03:57:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Windows7\Desktop\esetsmartinstaller_deu.exe
Error: (04/19/2015 03:56:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Windows7\Desktop\esetsmartinstaller_deu.exe
Error: (04/19/2015 03:56:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Windows7\Downloads\esetsmartinstaller_deu.exe
Error: (04/17/2015 03:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GFExperience.exe15.3.33.053d235ebKERNELBASE.dll6.1.7601.187985507b485e04343520000c42defc01d0790f1cd8ef63C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\Windows\syswow64\KERNELBASE.dllf053417c-e502-11e4-8534-448a5b88d092
Error: (04/17/2015 03:09:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei GFEClient.Model.Update.UpdateInstaller+<>c__DisplayClassa.<BuildProcInfo>b__8(System.Object, System.EventArgs)
bei System.Diagnostics.Process.OnExited()
bei System.Diagnostics.Process.RaiseOnExited()
bei System.Diagnostics.Process.CompletionCallback(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
Error: (04/17/2015 02:51:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005726f746188c01d0790ccdfc0cbaC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown7ad584b9-e500-11e4-8584-448a5b88d092
CodeIntegrity Errors:
===================================
Date: 2015-04-17 14:47:03.832
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-04-17 14:47:03.800
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 26%
Total physical RAM: 8140.43 MB
Available physical RAM: 5966.91 MB
Total Pagefile: 16279.05 MB
Available Pagefile: 13767.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.87 GB) (Free:203.62 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:534.39 GB) NTFS
Drive e: (SS9-0E-UT1.2_DES) (CDROM) (Total:6.39 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:931.51 GB) (Free:675.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 89075DDC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C5DE631)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
20.04.2015, 13:14
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: BoBrowser Rückstände entfernen Die Meldung mit Java kannste ignorieren Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung:Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.04.2015, 16:41
| #11 |
| | Windows 7: BoBrowser Rückstände entfernen Herzlichen Dank, Schrauber |
|
21.04.2015, 08:27
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: BoBrowser Rückstände entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: BoBrowser Rückstände entfernen |
| .dll, adware, antivirus, avira, bobrowser, bobrowser entfernen, converter, cpu, defender, desktop, entfernen, file, firefox, flash player, ftp, geforce, helper, install.exe, installation, launch, log, monitor, mp3, office 365, onedrive, opera, programm, security, software, warnung, windows |
dann auf 
und dann auf 
. 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
