| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Adware in FirefoxWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.04.2015, 17:51
| #1 |
| /// TB-Senior   |  Windows 7: Adware in Firefox Grüß euch! Geschichte: Ich habe seit gestern ein Problem, ich wollte mir etwas runterladen auf einer Seite mit gefühlten 10 verschiedenen DOwnload-Buttons und wie es kommen musste habe ich den falschen erwischt und irgendetwa sinstalliert von dem ich nicht weiß wo ich es wiederfinden kann und wie ich es entfernen kann da es nicht in den installierten Programmen auftaucht. Problemschilderung: Egal auf welcher Seite ich in Firefox bin es werden mir immer Wörter als anklickbar (Fett und unterstrichen) markiert und wenn ich mit der Maus darüber gehe sehe ich irgendwelche Werbung und darunter "Ad by Provider", darüber ein kleines grünes Symbol mit Pfeil. Auch wenn ich z.B. in einem Forum einen Link anklicke um in ein Unterforum zu gelangen öffnet sich ein komplett neuer Tab mit irgendeiner Werbungs-seite die absolut null mit dem zu tun hat wo cih eigentlich hin wollte. (Beispiel: Ich gebe bei google "Trojaner board" ein, klicke auf den ersten Link und komme auf einem neuen Tab mit irgendeiner Werbung raus. Schließe den Tab und versuche es erneut dann klappt es. Ich bin im Forum, klicke auf "Plagegeister aller Art und deren Bekämpfung" um in das Unterforum zu gelangen - nächster Tab öffnet sich mit irgendeiner Werbung, usw. Penetrant wie sau!) Was ich alleine schon versucht habe: - Avira hat nichts gefunden - Malwarebytes hat 24 Einträge gefunden Log: Code:
ATTFilter <?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>
-<header>
<date>2015/04/28 16:54:04 +0200</date>
<logfile>mbam-log-2015-04-28 (16-53-59).xml</logfile>
<isadmin>yes</isadmin>
</header>
-<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.04.28.04</malware-database>
<rootkit-database>v2015.04.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
-<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Depa</username>
<filesys>NTFS</filesys>
</system>
-<summary>
<type>threat</type>
<result>completed</result>
<objects>377333</objects>
<time>327</time>
<processes>1</processes>
<modules>0</modules>
<keys>11</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>11</files>
<sectors>0</sectors>
</summary>
-<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
-<items>
-<process>
<path>C:\Windows\mlwps.exe</path>
<vendor>Spyware.Keylogger</vendor>
<action>delete-on-reboot</action>
<pid>2084</pid>
<hash>2cc8bab7bad01620c2cdb04daa5b32ce</hash>
</process>
-<key>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Live Malware Protection</path>
<vendor>Spyware.Keylogger</vendor>
<action>success</action>
<hash>2cc8bab7bad01620c2cdb04daa5b32ce</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\TYPELIB\{2F137995-4D26-44AD-9C4E-91055090A817}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\INTERFACE\{A1E7709A-3AFB-49B8-8719-CCBF3F73CCB1}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1E7709A-3AFB-49B8-8719-CCBF3F73CCB1}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1E7709A-3AFB-49B8-8719-CCBF3F73CCB1}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2F137995-4D26-44AD-9C4E-91055090A817}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2F137995-4D26-44AD-9C4E-91055090A817}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D3C24E2B-C820-4492-9B69-11BF7163F998}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<key>
<path>HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</key>
-<value>
<path>HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path>
<valuename>ProxyServer</valuename>
<vendor>PUM.Bad.Proxy</vendor>
<action>success</action>
<valuedata>127.0.0.1:8118</valuedata>
<hash>7c78db9624661e182ef2381fcc395fa1</hash>
</value>
-<file>
<path>C:\Windows\mlwps.exe</path>
<vendor>Spyware.Keylogger</vendor>
<action>delete-on-reboot</action>
<hash>2cc8bab7bad01620c2cdb04daa5b32ce</hash>
</file>
-<file>
<path>C:\Program Files (x86)\SmartComp Safe Network\tsie.dll</path>
<vendor>PUP.Optional.SecureWeb.A</vendor>
<action>success</action>
<hash>7084521f9cee70c6a92459ead72cca36</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Roaming\15E.tmp.exe</path>
<vendor>Trojan.Downloader</vendor>
<action>success</action>
<hash>c82c4829a6e4f54122d36ed13ec5c43c</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Temp\F79F.tmp.exe</path>
<vendor>Trojan.Downloader</vendor>
<action>success</action>
<hash>0de790e1c2c8ca6c1d530645a35fde22</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Temp\F7AF.tmp.exe</path>
<vendor>Trojan.Downloader</vendor>
<action>success</action>
<hash>a153da97fc8eeb4b8de44b009d65f709</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Temp\tasks.dll</path>
<vendor>Trojan.Agent</vendor>
<action>success</action>
<hash>e31121502c5e6ec8d02147f8a26139c7</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Temp\C190.tmp.exe</path>
<vendor>Trojan.Dropper</vendor>
<action>success</action>
<hash>a15374fdd9b10432501b3144af51ec14</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Temp\fullpackage_temp1388273687\QQBrowserFrame.dll</path>
<vendor>PUP.Optional.SkyTech.A</vendor>
<action>success</action>
<hash>a15399d8503a84b2cbda27de867cc23e</hash>
</file>
-<file>
<path>C:\Users\Depa\Downloads\Monster_Girl_Quest_Parts_1-3_100%_Translated.exe</path>
<vendor>Trojan.Downloader</vendor>
<action>success</action>
<hash>aa4a7ef38cfe4de93e341c2fc53d0df3</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Updater\tasks.dll</path>
<vendor>Trojan.Agent</vendor>
<action>success</action>
<hash>856f413001895adcf2ffde614eb5a35d</hash>
</file>
-<file>
<path>C:\Users\Depa\AppData\Local\Updater\winupd.exe</path>
<vendor>Trojan.Dropper</vendor>
<action>success</action>
<hash>21d30071f298a0967dee1f56758be41c</hash>
</file>
</items>
</mbam-log>
Jetzt hat Avira den Zugriff auf die Registry verweigert also habe ich so lange an Avira herumgefummelt bis Malwarebytes (hoffentlich) alles gelöscht hat was gelöscht werden sollte und Avira nicht mehr gemeckert hat - und MWB nichts mehr gefunden hat. Ich habe auch Firefox ohne Add-Ons (die Firefox-eigene Einstellung des abgesicherten Modus) gestartet, aber selbst da tritt das Problem noch auf. Ich habe keine Ideen mehr und traue mich auch nicht noch mehr Programme runterzuladen und eventuell nur noch mehr Adware zu installieren. Informationen zusammengestellt: FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Depa (administrator) on TICIAN-PC on 28-04-2015 18:25:47
Running from C:\Users\Depa\Downloads
Loaded Profiles: Depa (Available profiles: Depa)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Depa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd.) C:\Windows\V0420Mon.exe
() C:\ProgramData\{be9c230c-7d9a-34b5-be9c-c230c7d98c31}\[Fuwanovel] Sengoku Rance -English.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [C:\Windows\system32\V0420Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0420Ext.ax
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [V0420Mon.exe] => C:\Windows\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0420Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0420Ext.ax
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] => 0
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: {015b8c03-7e76-11e3-80e7-8c89a583e5e1} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: {21bce33c-952c-11e1-a92a-8c89a583e5e1} - J:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: {21bce354-952c-11e1-a92a-8c89a583e5e1} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: {88ffd682-6a3d-11e3-b2c2-8c89a583e5e1} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: {89471452-0dab-11e3-a600-8c89a583e5e1} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\MountPoints2: {ebcb88bf-f382-11e1-bb5c-8c89a583e5e1} - F:\setup_vmb_lite.exe /checkApplicationPresence
Startup: C:\Users\Depa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-06-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Depa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[Fuwanovel] Sengoku Rance -English.lnk [2015-04-03]
ShortcutTarget: [Fuwanovel] Sengoku Rance -English.lnk -> C:\ProgramData\{be9c230c-7d9a-34b5-be9c-c230c7d98c31}\[Fuwanovel] Sengoku Rance -English.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3395007371-2415239885-1033044470-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6468683B-0A2E-4810-A596-9520230A014A}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{80C8F050-A809-4F25-BEB9-1DA3F34BECC7}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{95CBA590-6AFE-4A47-B954-07151EBD7BA1}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{B2721CA6-79D9-4349-BF90-16569F7CCB8E}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{F9E3D0F5-C2C2-4E16-B888-2912C6B5B322}: [NameServer] 139.7.30.125 139.7.30.126
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Depa\AppData\Roaming\Mozilla\Firefox\Profiles\lqtak1u7.default-1394196227117
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\53f39435d67718355d99bbffbfe5b271 [2015-04-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4722728 2013-03-14] (INCA Internet Co., Ltd.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-04-05] (Overwolf LTD)
R2 PrivoxyService; C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200 2015-04-27] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 RalinkRegistryWriter; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-04-25] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [451936 2011-04-25] (Ralink Technology, Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-10-19] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2118176 2010-08-17] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
S3 cpuz130; \??\C:\Users\Depa\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 18:25 - 2015-04-28 18:25 - 00017793 _____ () C:\Users\Depa\Downloads\FRST.txt
2015-04-28 18:24 - 2015-04-28 18:25 - 00000000 ____D () C:\FRST
2015-04-28 18:24 - 2015-04-28 18:24 - 02100736 _____ (Farbar) C:\Users\Depa\Downloads\FRST64.exe
2015-04-28 16:51 - 2015-04-28 16:51 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-28 16:51 - 2015-04-28 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-28 16:51 - 2015-04-28 16:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-28 16:51 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-28 16:51 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-28 16:51 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-28 16:48 - 2015-04-28 16:49 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Depa\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-28 02:38 - 2015-04-28 02:38 - 00003290 _____ () C:\Windows\System32\Tasks\SmartComp Safe Network Viewer
2015-04-27 23:35 - 2015-04-28 17:04 - 00000000 ____D () C:\Users\Depa\AppData\Local\Updater
2015-04-27 23:35 - 2015-04-28 17:04 - 00000000 ____D () C:\Program Files (x86)\SmartComp Safe Network
2015-04-27 23:35 - 2015-04-27 23:35 - 00003328 _____ () C:\Windows\System32\Tasks\Malware Cleaner
2015-04-27 23:35 - 2015-04-27 23:35 - 00003264 _____ () C:\Windows\System32\Tasks\Security Update
2015-04-27 23:35 - 2015-04-27 23:35 - 00000000 _____ () C:\Users\Depa\AppData\Roaming\15E.tmp
2015-04-22 13:45 - 2015-04-28 02:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 21:57 - 2015-04-19 22:32 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-19 21:57 - 2015-04-19 21:57 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-19 20:59 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-19 20:59 - 2015-01-09 01:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-15 04:23 - 2015-04-15 04:23 - 10440843 _____ () C:\Users\Depa\Downloads\Rewinside.zip
2015-04-15 00:19 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 00:19 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 00:19 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 00:19 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 00:19 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 00:19 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 00:19 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 00:19 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 00:19 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 00:19 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 00:19 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 00:19 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 00:19 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 00:19 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 00:19 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 00:19 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 00:19 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 00:19 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 00:19 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 00:19 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 00:19 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 00:19 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 00:19 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 00:19 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 00:19 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 00:19 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 00:19 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 00:19 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 00:19 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 00:19 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 00:19 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 00:19 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 00:19 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 00:19 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 00:19 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 00:19 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 00:19 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 00:19 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 00:19 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 00:19 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 00:19 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 00:19 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 00:19 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 00:19 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 00:19 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 00:19 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 00:19 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 00:19 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 00:19 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 00:19 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 00:19 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 00:19 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 00:19 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 00:19 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 00:19 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 00:19 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 00:19 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 00:19 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 00:19 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 00:19 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 00:19 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 00:19 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 00:19 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 00:19 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 00:19 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 00:19 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 00:19 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 00:19 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 00:19 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 00:19 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 00:19 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 00:19 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 00:19 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 00:19 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 00:19 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 00:19 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 00:19 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 00:19 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 00:19 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 00:19 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 00:19 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 00:19 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 00:19 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 00:19 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 00:19 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 00:19 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 00:19 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 00:19 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 00:19 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 00:19 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 00:19 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 00:19 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 00:19 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 00:19 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 00:19 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 00:19 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 00:19 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 00:19 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 00:19 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 00:19 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 00:19 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 00:19 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 00:19 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 00:19 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 00:19 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 00:19 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 00:19 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 00:19 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 00:19 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 00:19 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 00:19 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 00:19 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 00:19 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-15 00:19 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 00:18 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 00:18 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 00:18 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-07 20:56 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Depa\Documents\Heroes of the Storm
2015-04-04 15:50 - 2015-04-04 15:50 - 00000909 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-04 15:50 - 2015-04-04 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-04 15:30 - 2015-04-07 21:20 - 00000000 ____D () C:\Users\Depa\AppData\Local\Battle.net
2015-04-04 15:30 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-04 15:30 - 2015-04-04 15:30 - 00000832 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-04-04 15:30 - 2015-04-04 15:30 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Battle.net
2015-04-04 15:30 - 2015-04-04 15:30 - 00000000 ____D () C:\Users\Depa\AppData\Local\Blizzard Entertainment
2015-04-04 15:30 - 2015-04-04 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-04-04 15:26 - 2015-04-04 15:26 - 03081784 _____ (Blizzard Entertainment) C:\Users\Depa\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2015-04-04 15:26 - 2015-04-04 15:26 - 00000000 ____D () C:\ProgramData\Battle.net
2015-04-03 04:06 - 2015-04-03 04:06 - 00001491 _____ () C:\Users\Depa\Desktop\System40.exe - Verknüpfung.lnk
2015-04-03 04:03 - 2015-04-03 04:20 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2015-04-03 04:02 - 2015-04-03 04:02 - 01391104 _____ () C:\Users\Depa\Downloads\apploc.msi
2015-04-03 02:31 - 2015-04-03 02:31 - 00000851 _____ () C:\Users\Depa\Desktop\µTorrent.lnk
2015-04-03 02:30 - 2015-04-28 02:38 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\uTorrent
2015-04-03 02:30 - 2015-04-03 02:30 - 01741904 _____ (BitTorrent Inc.) C:\Users\Depa\Downloads\uTorrent.exe
2015-04-03 02:24 - 2015-04-20 10:41 - 00000000 ____D () C:\ProgramData\{be9c230c-7d9a-34b5-be9c-c230c7d98c31}
2015-04-03 02:17 - 2015-04-03 02:17 - 00460800 _____ () C:\Users\Depa\Downloads\[Fuwanovel] Sengoku Rance -English.exe
2015-04-02 02:48 - 2015-04-02 02:48 - 00000000 ____D () C:\Users\Depa\Tracing
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 18:10 - 2009-07-14 06:45 - 00031120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 18:10 - 2009-07-14 06:45 - 00031120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 18:08 - 2010-11-21 08:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-04-28 18:08 - 2010-11-21 08:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-04-28 18:08 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-28 18:06 - 2012-01-18 13:47 - 01211770 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 18:04 - 2012-01-21 17:47 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Skype
2015-04-28 18:03 - 2014-12-16 02:23 - 00003198 _____ () C:\Windows\System32\Tasks\Run LSI
2015-04-28 18:03 - 2014-04-24 14:40 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-28 18:02 - 2015-01-30 14:02 - 00000000 ____D () C:\Program Files (x86)\Trillian
2015-04-28 18:02 - 2014-03-07 22:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-28 18:02 - 2012-06-13 20:48 - 00000000 ___RD () C:\Users\Depa\Dropbox
2015-04-28 18:02 - 2012-06-13 20:40 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Dropbox
2015-04-28 18:02 - 2010-11-21 05:47 - 00876930 _____ () C:\Windows\PFRO.log
2015-04-28 18:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-28 18:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 18:02 - 2009-07-14 06:51 - 00110375 _____ () C:\Windows\setupact.log
2015-04-28 17:37 - 2012-04-03 19:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 16:35 - 2014-10-13 11:47 - 00000000 ____D () C:\Users\Depa\AppData\Local\Unity
2015-04-28 16:19 - 2013-03-15 22:44 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-04-28 12:34 - 2012-01-21 15:34 - 00000000 ____D () C:\Spiele
2015-04-27 23:36 - 2012-01-20 09:26 - 00001186 _____ () C:\Users\Depa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-27 23:28 - 2013-07-15 18:52 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\.minecraft
2015-04-27 01:30 - 2015-03-22 06:20 - 00000000 ____D () C:\Users\Depa\Desktop\Spiri
2015-04-25 13:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-24 11:30 - 2012-06-13 20:41 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 10:25 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 18:44 - 2014-06-23 22:18 - 00000481 _____ () C:\Users\Depa\Desktop\Minecraft.txt
2015-04-20 18:47 - 2014-10-19 02:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-20 18:47 - 2014-10-19 02:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-20 18:47 - 2013-10-25 10:41 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-20 18:47 - 2013-07-24 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-20 18:47 - 2013-07-24 17:49 - 00000000 ____D () C:\Program Files\Java
2015-04-20 13:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 13:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 11:02 - 2015-01-29 17:58 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSI - LoL Summoner Information
2015-04-20 11:02 - 2015-01-29 17:58 - 00000000 ____D () C:\Users\Depa\AppData\Local\LSI
2015-04-19 21:58 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-19 21:58 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-19 21:58 - 2009-07-14 06:45 - 00354584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-19 21:57 - 2014-12-27 17:49 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 21:57 - 2014-05-06 18:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 21:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-04-19 21:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-19 21:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-19 21:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-19 20:59 - 2012-06-13 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-19 20:55 - 2013-05-14 11:58 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-19 20:51 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-18 22:37 - 2014-12-13 06:09 - 00000000 ____D () C:\Users\Depa\AppData\Roaming\Audacity
2015-04-15 16:37 - 2012-04-03 19:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 16:37 - 2012-04-03 19:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 16:37 - 2012-01-20 11:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 15:42 - 2013-09-26 18:27 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-04-12 16:44 - 2012-01-28 21:49 - 00000000 ____D () C:\Users\Depa\Documents\Youcam
2015-04-10 18:48 - 2015-03-25 18:48 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-10 18:48 - 2015-03-25 18:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 18:48 - 2013-01-23 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 18:48 - 2013-01-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-02 02:48 - 2014-10-13 08:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-02 02:48 - 2012-01-21 17:46 - 00000000 ____D () C:\ProgramData\Skype
2015-04-02 02:48 - 2012-01-20 09:26 - 00000000 ____D () C:\Users\Depa
2015-04-01 11:16 - 2012-01-20 09:42 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-04-27 23:35 - 2015-04-27 23:35 - 0000000 _____ () C:\Users\Depa\AppData\Roaming\15E.tmp
2012-02-11 19:10 - 2015-02-12 20:21 - 0007603 _____ () C:\Users\Depa\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Depa\AppData\Local\Temp\avgnt.exe
C:\Users\Depa\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Depa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbi_tfh.dll
C:\Users\Depa\AppData\Local\Temp\GuardICQ.exe
C:\Users\Depa\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Depa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Depa\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Depa\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Depa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Depa\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Depa\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Depa\AppData\Local\Temp\nvStInst.exe
C:\Users\Depa\AppData\Local\Temp\Quarantine.exe
C:\Users\Depa\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Depa\AppData\Local\Temp\sfextra.dll
C:\Users\Depa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Depa\AppData\Local\Temp\tmd_34011207.exe
C:\Users\Depa\AppData\Local\Temp\tmd_34013820.exe
C:\Users\Depa\AppData\Local\Temp\tmd_34014695.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 13:21
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Depa at 2015-04-28 18:26:01
Running from C:\Users\Depa\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3395007371-2415239885-1033044470-500 - Administrator - Disabled)
Depa (S-1-5-21-3395007371-2415239885-1033044470-1001 - Administrator - Enabled) => C:\Users\Depa
Gast (S-1-5-21-3395007371-2415239885-1033044470-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3395007371-2415239885-1033044470-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.502 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belkin N750 Dual Band Wireless USB Adapter (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
calibre (HKLM-x32\...\{3FBA72CD-A3EB-42A2-89DF-DF2366BEA779}) (Version: 2.10.0 - Kovid Goyal)
Canon MP190 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version: - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4619 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2512 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LSI - LoL Summoner Information (HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: v4.6.1 - Aequus Gaming Ltd.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{63900031-722d-43b7-99f7-42a4ae930395}) (Version: latest - ppy Pty Ltd)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.84.95.0 - Overwolf Ltd.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.0 - Activision)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.2.34962 - Vodafone)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3395007371-2415239885-1033044470-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Depa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06EFBFC4-4C64-488C-A727-A817DE5C8383} - System32\Tasks\{5DC4B076-16C0-42A6-BCE2-7BC94650AC2D} => D:\SETUP.EXE
Task: {16571056-AE6D-4092-8D4E-27E40B861BEF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {22916677-8652-4631-BABD-0CFA8BB66CD1} - System32\Tasks\Malware Cleaner => C:\Users\Depa\AppData\Roaming\15E.tmp.exe <==== ATTENTION
Task: {274EDEAC-44FC-4496-9F01-D55FF104EA94} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28D978DF-8484-4C98-8FBD-0CE19F70D740} - System32\Tasks\{E6D60B84-5702-4681-9B09-3BB861615C28} => pcalua.exe -a "C:\Program Files (x86)\D-Link\InstallSvc.exe" -d "C:\Program Files (x86)\D-Link"
Task: {28F359E9-7A94-4A9A-844A-538B5F4F6940} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-04-05] (Overwolf LTD)
Task: {2F6025BE-DFED-423D-BF37-F8740FCD55C8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {346F7FE9-7062-42A4-8B00-70F9FCEF793A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {63A20A37-DF7E-4B10-ADB7-7321BD11217C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {69E3AC03-2924-4B33-BDA5-7D06A51B55E5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6CC4AAFB-C87D-4B16-81A4-E4623B7725D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6FD8D1D9-DDEE-4FC1-AA43-FBBC694E1CD2} - System32\Tasks\Security Update => C:\Users\Depa\AppData\Local\Updater\winupd.exe
Task: {7CB18726-1D60-45FA-AF4C-7226D60393AD} - System32\Tasks\Run LSI => C:\Spiele\LSI\LoLSummonerInfo.exe [2015-04-20] (Aequus Gaming)
Task: {93318727-7AED-4D56-9FCF-A4A63362018C} - System32\Tasks\SmartComp Safe Network Viewer => C:\Program Files (x86)\SmartComp Safe Network\msnworker.exe [2015-04-27] (SecureSoft)
Task: {BDDE05FF-6B5D-4E59-A727-01E61D65AEF7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C6A460B8-5E25-4F76-A7CB-95D30AFDF745} - System32\Tasks\{4B255621-E7C7-4DCD-A266-73447BD4563E} => D:\SETUP.EXE
Task: {D235759A-EBE0-48D9-8DD4-6C5B4419750E} - System32\Tasks\{BF65DF05-43EB-45CD-A45C-67E90E50B9DC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-03-07 22:19 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-18 14:35 - 2009-07-02 16:02 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-04-03 02:24 - 2014-04-03 02:24 - 00460800 _____ () C:\ProgramData\{be9c230c-7d9a-34b5-be9c-c230c7d98c31}\[Fuwanovel] Sengoku Rance -English.exe
2015-04-27 23:35 - 2015-04-27 23:35 - 00086528 _____ () C:\Program Files (x86)\SmartComp Safe Network\mgwz.dll
2015-04-28 18:02 - 2015-04-28 18:02 - 00043008 _____ () c:\users\depa\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbi_tfh.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Depa\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Depa\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Depa\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Depa\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-15 16:37 - 2015-04-15 16:37 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3395007371-2415239885-1033044470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Depa\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^Users^Depa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Depa\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4F0ADB5D-3E43-4F79-AD20-BFEE0E8C8E04}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AA579998-85A8-4F48-9A16-CEEF7E73500F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{8D2FB113-9938-4C56-A312-05BA5D7164EB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{7E34545C-53E6-415C-88E1-85DFC6DB501F}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{E348968B-79C8-48C5-A97B-C4F1ED352BEC}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{E813DEC4-F0EC-4914-8B21-4A563DF05EDD}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{C9112BC9-942A-4634-8C81-7E8CE2C70175}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{5E34614B-C09F-4015-87A4-7F4E3340A7D8}] => (Allow) C:\Spiele\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{749E56EB-2221-4DA8-88D2-6DE3760457CB}] => (Allow) C:\Spiele\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{6956DEB4-519E-4778-A991-ABFABDA1D611}] => (Allow) C:\Spiele\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{71BE30BE-A857-4640-AEAE-2DA2623B8686}] => (Allow) C:\Spiele\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{4796EEAF-C7CE-4FFB-BAFC-0DA0CA984585}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91C11FC6-120F-47AC-AA79-3267ACCE7E26}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{D863DC9E-02E4-4EC8-A715-17D9A64DC8EE}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{AEB8B2FC-D8EF-497A-9F52-F2F7B0DFC4F7}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{3322F263-925C-4FA0-B875-5051A9B05AC3}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{C9567755-7B8C-43E3-BC9F-80A7A95105FE}] => (Allow) C:\Users\Depa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{86411BC8-2384-424C-B261-07BAF21A12B1}] => (Allow) C:\Users\Depa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ADE31FB4-999F-4262-852E-498E5F7F06F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{A918DEF7-B768-412E-9722-A0B64D5F0074}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [TCP Query User{6DDBA606-653E-4868-9E5A-8DD965DEFB41}C:\program files (x86)\icq7.7\icq.exe] => (Allow) C:\program files (x86)\icq7.7\icq.exe
FirewallRules: [UDP Query User{76CFF34E-333E-44E9-95DE-EDB784EC6E07}C:\program files (x86)\icq7.7\icq.exe] => (Allow) C:\program files (x86)\icq7.7\icq.exe
FirewallRules: [TCP Query User{24FC02E2-C6E7-4339-B963-C7CC3394FFB2}C:\program files (x86)\xfire\xfire.exe] => (Allow) C:\program files (x86)\xfire\xfire.exe
FirewallRules: [UDP Query User{C565B51A-1B01-4FDF-8188-E7824FB8610A}C:\program files (x86)\xfire\xfire.exe] => (Allow) C:\program files (x86)\xfire\xfire.exe
FirewallRules: [{800B597A-C13C-431D-AB42-5451A2809928}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{90BE6113-18F7-41F0-8448-6E823BC1C5AD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3AA3FC15-24A7-4391-9F59-04C39D36F2B2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E3E564C9-2576-47A2-99FD-87AB10920E63}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8FE9BFFB-7658-4F1B-81FA-24695A39CD50}C:\users\depa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\depa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5F4518FC-680B-4890-93BD-1E51A523FFD0}C:\users\depa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\depa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{9F0E194C-027A-4747-AC39-0EECB081EFB7}C:\users\depa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\depa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3DDC1C7C-517E-455E-96C1-DC75C3B68883}C:\users\depa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\depa\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FE15D682-C5CA-4323-B84C-F3100B236D0A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BD6530D5-6B32-4B1D-B2FA-D5CBB773867D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B7CA435C-9624-49F6-954B-0A49A12C1DEF}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{64CDC0CA-4F52-4384-AC60-2DE4D29F3B77}] => (Allow) LPort=2099
FirewallRules: [{DDBCBC79-0BFB-4B72-8F91-DE6DD37BF07E}] => (Allow) LPort=2099
FirewallRules: [TCP Query User{07020150-CA16-4478-8DD1-596D6686DCF0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3959466A-4C03-4629-8752-FD760A3F269D}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{619A412B-DCB0-43EB-9DAF-B1A80A0F35A8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{B99A1A97-5D66-497F-8C89-8EE67090C045}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{149EB94A-85C0-456D-BCB6-132AEDF720BE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{3BF395E3-680A-4362-AC11-0303B6AE0375}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B60557D7-2759-4CF7-A5A1-6759352685C0}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D39D5ED4-76AE-4BAE-BA6D-488F6F11BF29}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{FEF48AE6-2734-44B7-B735-698606EAF91D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9A34FCB9-84A5-4E45-9E92-E3DB32A73BCE}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{12B2EC4A-83BD-4C64-BF12-DE41714E5D32}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{25585A97-1F1E-4BF6-A640-A54B30D29872}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{C5BE5348-19D2-4506-9C53-2DD5E29A3CB1}] => (Allow) C:\Spiele\Dragons Prophet\Dragon's Prophet\dp_x86.exe
FirewallRules: [{016C4B2A-F45B-42F2-9A88-113D8F1F1BBC}] => (Allow) C:\Spiele\Dragons Prophet\Dragon's Prophet\launcher.exe
FirewallRules: [{F2DF7EEB-06B4-4A9F-8261-D20C4B756414}] => (Allow) C:\Spiele\Dragons Prophet\Dragon's Prophet\dp_x64.exe
FirewallRules: [{ABE64A58-42E0-42A7-AE21-3B82C5B7521E}] => (Allow) C:\Spiele\Dragons Prophet\Dragon's Prophet\launcher.exe
FirewallRules: [{E45666D0-BD92-4AF5-BAFD-898B567BDBAB}] => (Allow) C:\Spiele\Dragons Prophet\Dragon's Prophet\dp_x86.exe
FirewallRules: [{5CBBB4D1-CB75-4D74-B726-D7C18C617A06}] => (Allow) C:\Spiele\Dragons Prophet\Dragon's Prophet\dp_x64.exe
FirewallRules: [{6E8F2F96-CFD8-4E40-981F-3D41616B961F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6C3D660E-5F8A-4054-9A1E-D666F3762CBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EEB8BFF8-AC5F-41C0-8896-73301B527964}] => (Allow) C:\Spiele\Steam\Steam.exe
FirewallRules: [{11E19B8F-4813-4DE5-97BD-BED2F763C18F}] => (Allow) C:\Spiele\Steam\Steam.exe
FirewallRules: [{F0E1A156-40A8-4D1F-9B7C-7C7D5ACA39BB}] => (Allow) C:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{902813B3-6AE5-46F9-8E91-71D22051D68A}] => (Allow) C:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{79B0B1A5-CF90-4A0B-AB9E-C3203DC59EC4}] => (Allow) C:\Spiele\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{97EAE7F1-818C-42FC-914A-B53326FDEEDA}] => (Allow) C:\Spiele\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7B72B3B4-217B-4D4F-AA06-43DDBEA09936}] => (Allow) C:\Spiele\Dragon's Prophet\dp_x64.exe
FirewallRules: [{40B4468A-BB1B-48C4-AE96-C8AFD1112EA8}] => (Allow) C:\Spiele\Dragon's Prophet\dp_x86.exe
FirewallRules: [{09EFB7F1-702F-4A12-948F-9EB077EE6060}] => (Allow) C:\Spiele\Dragon's Prophet\launcher.exe
FirewallRules: [{929AA0A2-6F40-45C1-B5A6-AF3DF8926BDA}] => (Allow) C:\Spiele\Dragon's Prophet\dp_x86.exe
FirewallRules: [{CACFEAAE-E691-4219-AC3D-6B876522449B}] => (Allow) C:\Spiele\Dragon's Prophet\launcher.exe
FirewallRules: [{4EAD61EE-D6A4-4D55-A8C0-491AD971DA27}] => (Allow) C:\Spiele\Dragon's Prophet\dp_x64.exe
FirewallRules: [{EF7E8EFE-8EA5-4189-BD4E-B61CCE2AB8B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E551810-CDFB-459A-AE07-BC41FED6D13B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B32850-28FC-457B-AB17-B17E9D8094D1}] => (Allow) C:\Users\Depa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B050A857-3437-45FC-94C2-50FAED730869}] => (Allow) C:\Users\Depa\AppData\Roaming\uTorrent\uTorrent.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2015 06:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2015 00:23:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/27/2015 05:19:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/26/2015 00:18:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/25/2015 01:45:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2015 08:19:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2015 11:28:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/23/2015 10:27:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/22/2015 04:00:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.9.460 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1560
Startzeit: 01d07d04025d4385
Endzeit: 60000
Anwendungspfad: c:\program files (x86)\avira\antivir desktop\avscan.exe
Berichts-ID: c830c42b-e8f7-11e4-933f-8c89a583e5e1
Error: (04/22/2015 00:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/28/2015 05:49:21 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/28/2015 00:21:48 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.37
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (04/27/2015 11:35:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Privoxy (PrivoxyService)" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/27/2015 05:17:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/26/2015 02:04:58 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/24/2015 10:56:44 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/24/2015 08:17:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 24.04.2015 um 20:16:26 unerwartet heruntergefahren.
Error: (04/24/2015 02:47:27 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/23/2015 00:26:24 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/22/2015 01:02:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Microsoft Office Sessions:
=========================
Error: (04/28/2015 06:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2015 00:23:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/27/2015 05:19:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/26/2015 00:18:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/25/2015 01:45:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2015 08:19:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2015 11:28:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/23/2015 10:27:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/22/2015 04:00:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe15.0.9.460156001d07d04025d438560000c:\program files (x86)\avira\antivir desktop\avscan.exec830c42b-e8f7-11e4-933f-8c89a583e5e1
Error: (04/22/2015 00:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2012-07-05 17:27:16.333
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Depa\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-05 17:27:16.325
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Depa\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-05 17:27:16.308
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-05 17:27:16.300
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8172.86 MB
Available physical RAM: 6049.23 MB
Total Pagefile: 16343.91 MB
Available Pagefile: 13635.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:2.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SWTFU Disc 2) (CDROM) (Total:6.73 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 341F8E16)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-28 18:48:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 OCZ-AGILITY3 rev.2.15 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Depa\AppData\Local\Temp\uxdiipod.sys
---- Processes - GMER 2.1 ----
Process C:\ProgramData\{be9c230c-7d9a-34b5-be9c-c230c7d98c31}\[Fuwanovel] Sengoku Rance -English.exe (*** suspicious ***) @ C:\ProgramData\{be9c230c-7d9a-34b5-be9c-c230c7d98c31}\[Fuwanovel] Sengoku Rance -English.exe [2676](2014-04-03 00:24:31) 0000000000e40000
---- EOF - GMER 2.1 ----
ich hoffe ihr könnt mir weiter helfen ich bin wirklich am verzweifeln. Grüße Tician |
| Themen zu Windows 7: Adware in Firefox |
| antivir, avira, browser, computer, converter, desktop, einstellung, entfernen, firefox, flash player, google, install.exe, launch, logfile, maus, mp3, problem, realtek, scan, security, software, system, trojaner, trojaner board, vista, werbung, windows |
Baum-Darstellung