| |
| |||||||
Log-Analyse und Auswertung: TR/Coinminer.J bei win 8.1 nicht zu entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.05.2015, 12:38
| #1 |
 |  TR/Coinminer.J bei win 8.1 nicht zu entfernen Wird zwar blockiert und in die Quarantäne verschoben kann auch von dort aus gelöscht werden taucht aber nach Neustart immer wieder auf. Im abgesicherten Modus bleibt er unentdeckt. Bei deaktivierten Lan kommt kein Antivir Warnhinweis. GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-20 13:22:51 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\0000003e Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\caroline\AppData\Local\Temp\ufldapow.sys ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [620:644] fffff960008a12d0 Thread C:\Windows\system32\csrss.exe [620:668] fffff960008a12d0 Thread C:\Windows\SYSTEM32\ntdll.dll [6796:6800] 0000000000fa98ce Thread C:\Windows\SYSTEM32\ntdll.dll [6796:6940] 000000006e1bc1f0 Thread C:\Windows\SYSTEM32\ntdll.dll [6796:6944] 0000000069048bce Thread C:\Windows\SYSTEM32\ntdll.dll [6796:7044] 0000000074f93730 ---- Processes - GMER 2.1 ---- Library C:\Program Files (x86)\InstallShield Installation Information\{1DF11DAD-D427-4E1D-ABB6-04CB881EBE06}\CloudAPI\CloudAPI.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2024](2014-05-23 15:26:51) 0000000072680000 Library c:\users\caroline\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpstiy.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128](2015-05-20 11:03:43) 0000000004e10000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006bdb0000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 00000000057d0000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000006b990000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006b6a0000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128](2015-03-04 21:45:30) 000000006b540000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006ad70000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069ce0000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069a50000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069790000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069760000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128](2015-03-04 21:45:30) 0000000069750000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000069720000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000696e0000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069690000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128](2015-03-04 21:45:30) 0000000069560000 Library C:\Users\caroline\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [6128](2015-03-04 21:45:30) 0000000069520000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xDA 0xC2 0xA9 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x47 0x9D 0xB6 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 211 Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0xC3 0x76 0xAF 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM027FHS4Q100902_02_07D8_6F+SAM0526H9MSA10422_2B_07D9_DB^03C6031D226EF25C7EE6A786 82685AEA@Timestamp 0xEE 0x47 0x6D 0xC4 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 688 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9AD7C94A-46E9-4BCF-8017-85A203117B5E}\Connection@Name isatap.home Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1960756080 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 363f32bb-64e8-4f52-b6c8-6fe0d37 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{ca30dae5-5db4-4187-a2d5-787bec7975d2} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SrcHandle-High -16384 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SrcHandle-Low 1760870608 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SnkHandle-High -16384 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SnkHandle-Low 1559609360 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Tg-High -16384 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Tg-Low 1760758592 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Ctrl-High -16384 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Ctrl-Low 1652292224 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a64508c30 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a64508c30@7c1e520ada4c 0x6F 0x52 0xD7 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a64508c30@fc58fa16089e 0x33 0x3E 0xEF 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{11289462-0d6d-4f0e-87bf-97efb12c8253}@LastProbeTime 1432123231 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9AD7C94A-46E9-4BCF-8017-85A203117B5E}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9AD7C94A-46E9-4BCF-8017-85A203117B5E}@DefunctTimestamp 0xF3 0x1C 0x5C 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 11062 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2650 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 212 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55366C0-9976-4DBE-9CC8-2003689175C5}@LeaseObtainedTime 1432116015 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55366C0-9976-4DBE-9CC8-2003689175C5}@T1 1432159215 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55366C0-9976-4DBE-9CC8-2003689175C5}@T2 1432191615 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55366C0-9976-4DBE-9CC8-2003689175C5}@LeaseTerminatesTime 1432202415 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 570 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 2721 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Blocked 2721 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 2721 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore@Count 22 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 1896 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count 2721 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0x79 0x64 0xC6 0xB9 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x03 0x09 0x9F 0xD2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x03 0x09 0x9F 0xD2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 39226 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x03 0x09 0x9F 0xD2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 39226 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x03 0x09 0x9F 0xD2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x30 0x73 0x95 0xB6 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63567710207333%3bID%3dBE50F3BAF4ABDDF9!120%3bLR%3d63567712831463%3bEP%3d4%3bSO%3d0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xEC 0x91 0xDF 0x4C ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 6 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0xEB 0x8F 0xDC 0xD3 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DipAwayMode.exe_c95df8bf6b3c1b0b48fdf69f812982ba341bbf0_c7722fa0_1ab0954a ---- EOF - GMER 2.1 ---- Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.05.2015 Suchlauf-Zeit: 21:02:08 Logdatei: malware.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.03.09.05 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: caroline Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353101 Verstrichene Zeit: 6 Min, 37 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 2 PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2499066365-3350258436-517844590-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [12675ae9c1c964d2c8536cb0e61d23dd], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [12675ae9c1c964d2c8536cb0e61d23dd], Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) |
|
20.05.2015, 12:51
| #2 |
| /// the machine /// TB-Ausbilder    | TR/Coinminer.J bei win 8.1 nicht zu entfernen hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.05.2015, 13:03
| #3 |
| | TR/Coinminer.J bei win 8.1 nicht zu entfernen FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by caroline (administrator) on LOTTER on 20-05-2015 13:16:18
Running from C:\Users\caroline\Desktop
Loaded Profiles: caroline (Available profiles: caroline)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
() C:\AMD\amdacpusrsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Windows\SysWOW64\TMController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows8FirewallControl] => C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe [1205248 2013-09-30] (Sphinx Software)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [TMController] => C:\Windows\SysWOW64\TMController.exe [184396 2006-08-24] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-27] (Atheros Communications)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [EADM] => J:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-11] (Electronic Arts)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [GoogleChromeAutoLaunch_E50409BE88589B0A7F68BA91928A79AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-05-27] (Qualcomm Atheros Commnucations)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2499066365-3350258436-517844590-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-01] ()
Chrome:
=======
CHR Profile: C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-20]
CHR Extension: (Bookmark Manager) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe [1660728 2013-07-31] (ASUSTeK Computer Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-27] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-20] (SurfRight B.V.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; J:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 Windows8FirewallService; C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe [3806720 2013-09-30] (Sphinx Software) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-27] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 AsusSensorSimulator; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
R3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 asusvad_micarray; C:\Windows\system32\drivers\vmic_x64.sys [38712 2013-02-27] (ASUS SZ provider)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-27] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 Fwleaf; C:\Windows\system32\DRIVERS\fwleaf.sys [27872 2013-12-23] (NETGEAR)
S3 leafnets; C:\Windows\system32\DRIVERS\leafnets.sys [29696 2013-02-05] (Leaf Networks)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 13:16 - 2015-05-20 13:16 - 00019902 _____ () C:\Users\caroline\Desktop\FRST.txt
2015-05-20 13:16 - 2015-05-20 13:16 - 00000000 ____D () C:\FRST
2015-05-20 13:15 - 2015-05-20 13:15 - 00000478 _____ () C:\Users\caroline\Desktop\defogger_disable.log
2015-05-20 13:15 - 2015-05-20 13:15 - 00000000 _____ () C:\Users\caroline\defogger_reenable
2015-05-20 13:11 - 2015-05-20 13:11 - 02107904 _____ (Farbar) C:\Users\caroline\Desktop\FRST64.exe
2015-05-20 13:11 - 2015-05-20 13:11 - 00380416 _____ () C:\Users\caroline\Desktop\Gmer-19357.exe
2015-05-20 13:10 - 2015-05-20 13:10 - 00050477 _____ () C:\Users\caroline\Desktop\Defogger.exe
2015-05-20 13:03 - 2015-05-20 13:03 - 00281248 _____ () C:\Windows\Minidump\052015-6875-01.dmp
2015-05-20 13:03 - 2015-05-20 13:03 - 00000000 ___RD () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-20 11:36 - 2015-05-20 11:36 - 00001475 _____ () C:\Users\caroline\Desktop\trojaner.txt
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-20 07:55 - 2015-05-20 08:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-20 07:43 - 2015-05-20 12:04 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 07:43 - 2015-05-20 08:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000860 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-18 21:30 - 2015-05-18 21:30 - 00001250 _____ () C:\Users\caroline\Desktop\mal2.txt
2015-05-18 21:18 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:18 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:09 - 2015-05-18 21:09 - 00001538 _____ () C:\Users\caroline\Desktop\malware.txt
2015-05-18 21:00 - 2015-05-20 11:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 21:00 - 2015-05-18 21:00 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 21:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 20:50 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 20:50 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 20:50 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-18 20:50 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-18 20:50 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-18 20:50 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-18 20:50 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-18 20:50 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-18 20:50 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-18 20:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 20:49 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 20:49 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 20:49 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 20:49 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 20:49 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 20:49 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 20:49 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 20:49 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 20:49 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 20:49 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 20:49 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 20:49 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 20:49 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 20:49 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 20:49 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 20:49 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 20:49 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 20:49 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 20:49 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 20:49 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 20:49 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 20:49 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 20:49 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 20:49 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-18 20:49 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-18 20:49 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-18 20:49 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-18 20:49 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-18 20:49 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 20:49 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-18 20:49 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-18 20:49 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-18 20:49 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-18 20:49 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 20:49 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 20:49 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 20:49 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-18 20:49 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-18 20:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 20:49 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-18 19:54 - 2015-05-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2015-05-18 19:44 - 2015-05-18 19:44 - 00000000 ____D () C:\ProgramData\GFI Software
2015-05-18 19:31 - 2015-05-18 19:54 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-05-18 19:31 - 2015-05-18 19:31 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2015-05-16 20:40 - 2015-05-20 11:43 - 00006118 _____ () C:\Windows\PFRO.log
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-16 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-15 21:08 - 2015-05-20 13:03 - 00003016 _____ () C:\Windows\setupact.log
2015-05-15 21:08 - 2015-05-15 21:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-10 15:35 - 2015-05-10 15:35 - 00000233 _____ () C:\Users\caroline\Desktop\Far Cry 4.url
2015-05-10 15:35 - 2015-05-10 15:35 - 00000233 _____ () C:\Users\caroline\Desktop\Far Cry 4 Map Editor.url
2015-05-03 20:05 - 2015-05-03 20:05 - 00000000 ____D () C:\Users\caroline\Desktop\CORE-KeyGen
2015-04-26 09:49 - 2015-04-26 09:49 - 00000146 _____ () C:\Users\caroline\Desktop\Sound - Verknüpfung (2).lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00002141 _____ () C:\Users\caroline\Desktop\JDownloader 2.lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-25 19:13 - 2015-05-18 20:44 - 00000000 ____D () C:\Users\caroline\AppData\Local\JDownloader v2.0
2015-04-25 19:07 - 2015-04-25 19:10 - 00231544 _____ () C:\Users\caroline\Desktop\Install JDownloader 2 BETA.exe
2015-04-23 20:59 - 2015-04-23 20:59 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\WinRAR
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 13:15 - 2014-06-02 20:14 - 01466424 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 13:15 - 2014-05-22 18:37 - 00000000 ____D () C:\Users\caroline
2015-05-20 13:13 - 2014-05-23 20:04 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 13:11 - 2014-05-23 20:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 13:11 - 2014-05-23 20:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-20 13:09 - 2014-05-23 17:43 - 00000000 _____ () C:\Windows\Path.idx
2015-05-20 13:09 - 2014-05-22 18:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 13:09 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-20 13:09 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-20 13:08 - 2014-05-22 18:43 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2499066365-3350258436-517844590-1001
2015-05-20 13:04 - 2014-05-23 17:31 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-05-20 13:03 - 2015-01-11 12:28 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 13:03 - 2014-12-30 20:13 - 676292187 _____ () C:\Windows\MEMORY.DMP
2015-05-20 13:03 - 2014-12-02 13:04 - 00059913 _____ () C:\Windows\temp023423.vbe
2015-05-20 13:03 - 2014-05-23 18:20 - 00000000 ___RD () C:\Users\caroline\Dropbox
2015-05-20 13:03 - 2014-05-23 18:18 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Dropbox
2015-05-20 13:03 - 2014-05-23 17:36 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 13:03 - 2014-05-23 17:31 - 00000000 ____D () C:\Users\caroline\AppData\Local\CrashDumps
2015-05-20 13:03 - 2014-05-22 18:38 - 00000000 ___DO () C:\Users\caroline\SkyDrive
2015-05-20 13:03 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 11:42 - 2014-05-22 18:42 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-20 11:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2015-05-20 07:57 - 2013-08-22 16:45 - 00000000 ____D () C:\Windows\Setup
2015-05-20 07:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-20 07:52 - 2015-01-11 12:28 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 07:52 - 2015-01-11 12:28 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 07:51 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 07:38 - 2014-05-22 18:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E73E662-1021-46F4-9D3F-D6EABFA012B6}
2015-05-20 07:37 - 2014-05-23 20:04 - 00000000 ____D () C:\Users\caroline\AppData\Local\Adobe
2015-05-20 07:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 07:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 21:21 - 2013-08-22 16:44 - 05147224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 21:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-18 21:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 21:19 - 2014-05-23 18:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 21:17 - 2014-05-23 17:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 21:15 - 2014-05-23 17:52 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 21:13 - 2014-06-15 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 21:12 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 21:03 - 2014-05-22 22:17 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\vlc
2015-05-18 20:48 - 2014-05-23 18:19 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 20:46 - 2015-01-11 12:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 20:46 - 2015-01-11 12:28 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 20:45 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 20:45 - 2015-01-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-05-18 20:45 - 2013-08-23 01:26 - 00000000 ____D () C:\Windows\ShellNew
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 __RSD () C:\Windows\Media
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 20:44 - 2015-01-11 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 20:44 - 2014-12-30 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-05-18 20:44 - 2014-09-11 08:24 - 00000000 ____D () C:\Users\caroline\Desktop\Adobe Photoshop CC 2014.1.0 (x64) + CameraRaw 8.6 [ChingLiu]
2015-05-18 20:44 - 2014-06-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-05-18 20:44 - 2014-05-22 18:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 20:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-13 20:38 - 2014-05-22 12:50 - 00018432 ___SH () C:\Users\caroline\Desktop\Thumbs.db
2015-05-13 15:21 - 2014-11-30 21:52 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\TS3Client
2015-05-05 19:59 - 2014-12-10 19:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-12-10 19:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 22:12 - 2014-12-30 17:03 - 00000000 ____D () C:\ProgramData\Origin
2015-05-01 19:46 - 2015-03-13 21:23 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-01 19:46 - 2014-12-01 22:02 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-01 19:46 - 2014-12-01 20:56 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-29 07:46 - 2014-06-05 14:37 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\dvdcss
2015-04-27 23:30 - 2014-08-18 20:42 - 00000659 _____ () C:\Windows\MB.idx
2015-04-26 11:31 - 2014-05-22 18:25 - 00000000 __SHD () C:\Recovery
2015-04-24 21:24 - 2014-06-02 20:16 - 00111616 ___SH () C:\Users\caroline\Downloads\Thumbs.db
2015-04-24 15:17 - 2011-03-07 13:10 - 00000000 ____D () C:\Users\caroline\Desktop\JDownloader
==================== Files in the root of some directories =======
2014-08-13 19:36 - 2014-08-13 19:36 - 0000132 _____ () C:\Users\caroline\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-05-23 20:25 - 2014-09-23 12:36 - 0001456 _____ () C:\Users\caroline\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-23 19:46 - 2014-05-23 19:46 - 0007597 _____ () C:\Users\caroline\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\caroline\AppData\Roaming\Origin\update.vbe
Some content of TEMP:
====================
C:\Users\caroline\AppData\Local\Temp\130744555063113512.exe
C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe
C:\Users\caroline\AppData\Local\Temp\avgnt.exe
C:\Users\caroline\AppData\Local\Temp\dllnt_dump.dll
C:\Users\caroline\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpstiy.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole5400650792649316619.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole837397058756432899.dll
C:\Users\caroline\AppData\Local\Temp\sonarinst.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-16 20:20
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by caroline at 2015-05-20 13:16:33
Running from C:\Users\caroline\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2499066365-3350258436-517844590-500 - Administrator - Disabled)
caroline (S-1-5-21-2499066365-3350258436-517844590-1001 - Administrator - Enabled) => C:\Users\caroline
Gast (S-1-5-21-2499066365-3350258436-517844590-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2499066365-3350258436-517844590-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.55 - ASUSTeK Computer Inc.)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
ComicKeeper 2.0 (HKLM-x32\...\ComicKeeper 2.0) (Version: - )
ComicKeeper 2.6 Update (HKLM-x32\...\ComicKeeper 2.6 Update) (Version: - )
CPUID ASUS CPU-Z 1.64 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.64 - CPUID, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FormatFactory 3.3.4.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.4.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
ReadyNAS Remote (HKLM-x32\...\ReadyApps) (Version: 1.6.5.23 - NETGEAR)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop version 0.8.7 (HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.8.7 - Telegram Messenger LLP)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows8FirewallControl (x64) 6.1.9.53 (HKLM\...\Windows8FirewallControl_is1) (Version: 6.1.9.53 - Sphinx Software)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2499066365-3350258436-517844590-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
02-05-2015 18:24:02 Windows Update
10-05-2015 13:04:57 Geplanter Prüfpunkt
13-05-2015 17:52:26 Windows Update
18-05-2015 20:38:25 Wiederherstellungsvorgang
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {092D1CF2-F3CE-4AE4-BA0B-300403BBC6A5} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-01] (ASUSTeK Computer Inc.)
Task: {1800597B-7495-4F9D-B03C-649D6D149B83} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2013-07-18] (ASUSTeK Computer Inc.)
Task: {28442431-025F-48F1-BD08-08E9F4786D9D} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {2965D8AB-CDF7-41B3-A530-9408B1B0137B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {2C176DD1-B112-4303-96E5-3EF13A8DEF08} - System32\Tasks\Steam-S-1-8-22-9865GUI => C:\Users\caroline\AppData\Roaming\MotioninJoy\Reversed\steam.exe [2014-11-28] () <==== ATTENTION
Task: {4D2F5B57-B748-4836-ABA7-0332243B9D2E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {690BD01C-A3FD-4FC6-BA3D-643D3993C2CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {7D8C915E-41BF-4539-8C3F-C0E0998168DC} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-07-31] ()
Task: {8F237E02-53AF-4C06-9D90-65F8A68A8E21} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-18] (Microsoft Corporation)
Task: {AAAD33D8-4035-426A-9817-0EF481D24870} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {CC3927E9-FB1B-47AE-A9FF-817EBF753EBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {D2D130B2-9ECC-45EB-934D-A2955C91A628} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {ECA7A2CD-4D34-445D-9F58-12E8017BE58B} - System32\Tasks\Origin => C:\Users\caroline\AppData\Roaming\Origin\update.vbe [2014-11-30] () <==== ATTENTION
Task: {F9353BF7-A9D6-4924-8D5F-FDA5E138A196} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {FD5DF336-9773-4C17-8144-814BF8BAC101} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-04-17 21:55 - 2014-04-17 21:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe
2014-05-22 18:43 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-05-23 17:25 - 2013-07-31 16:20 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2015-01-11 12:21 - 2015-02-04 15:43 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 02:24 - 2015-02-05 02:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-05-23 17:26 - 2012-05-03 10:40 - 00258048 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
2013-05-27 21:40 - 2013-05-27 21:40 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-27 21:36 - 2013-05-27 21:36 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-27 22:03 - 2013-05-27 22:03 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-04-06 11:17 - 2006-08-24 12:42 - 00184396 ____R () C:\Windows\SysWOW64\TMController.exe
2014-05-23 17:25 - 2013-07-31 16:20 - 01221912 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
2014-05-20 19:33 - 2014-05-20 19:33 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-05-22 18:43 - 2015-05-20 13:03 - 00029184 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-05-22 18:43 - 2013-07-04 03:32 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-05-23 17:24 - 2013-08-01 10:57 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-05-23 17:24 - 2013-03-13 17:12 - 00870912 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2014-05-23 17:25 - 2013-07-31 16:26 - 02743808 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-05-23 17:25 - 2013-06-19 16:47 - 01129984 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-05-23 17:25 - 2013-06-24 15:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2014-05-23 17:26 - 2013-06-24 17:48 - 02055168 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\WiFiGO.dll
2014-05-23 17:23 - 2013-06-04 11:41 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-05-23 17:24 - 2013-08-01 10:57 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-05-23 17:25 - 2013-07-31 16:21 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2014-05-23 17:26 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2014-05-23 17:24 - 2013-08-01 10:57 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2014-05-23 17:24 - 2013-08-01 10:57 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2014-05-23 17:27 - 2013-06-24 13:45 - 00062976 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2014-05-23 17:26 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2014-05-23 17:26 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2014-05-23 17:25 - 2013-07-31 16:20 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-05-23 17:25 - 2013-07-31 16:20 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-05-23 17:25 - 2013-07-31 16:20 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-05-23 17:25 - 2013-07-31 16:20 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-05-23 17:25 - 2013-07-31 16:20 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\UsbPowerManager.dll
2014-05-23 17:26 - 2012-05-02 18:04 - 00233472 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\AudioProjection.dll
2014-05-23 17:26 - 2013-07-12 12:56 - 00175616 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\DLCapPP.dll
2014-05-23 17:26 - 2010-12-14 17:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
2014-05-23 17:26 - 2013-06-11 12:06 - 00425984 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\awiscale.DLL
2014-05-23 17:26 - 2010-10-29 18:58 - 00221184 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\JpegCD.DLL
2014-05-23 17:26 - 2013-06-13 18:50 - 02462208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\xH264E.DLL
2014-05-23 17:26 - 2013-01-31 22:59 - 00515072 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFiGO_HelpWin8.dll
2014-05-23 17:26 - 2012-01-12 16:44 - 00475136 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
2014-05-23 17:26 - 2013-06-13 17:37 - 00156160 _____ () C:\Program Files (x86)\InstallShield Installation Information\{1DF11DAD-D427-4E1D-ABB6-04CB881EBE06}\CloudAPI\CloudAPI.dll
2014-05-23 17:26 - 2013-03-21 19:38 - 00716800 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
2014-05-23 17:26 - 2012-04-25 14:47 - 00659456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
2015-05-20 13:03 - 2015-05-20 13:03 - 00043008 _____ () c:\users\caroline\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpstiy.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\caroline\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\caroline\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\caroline\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\caroline\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-23 17:26 - 2012-02-06 21:08 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2015-02-02 09:52 - 2015-02-02 09:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\caroline\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\caroline\Pictures\PK7.jpg
DNS Servers: 10.0.0.138
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Windows8FirewallControl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Reader Application Helper"
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\StartupApproved\Run: => "EADM"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{9534B620-92A1-4617-A725-E6B2BCF60337}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{8CED6CD4-5596-4265-94E2-1E2350B2C8BB}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{B62A0C1A-08BF-4205-97E2-348401C53E59}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{7ADE7BDB-4F53-4F92-A85A-164D3833B25C}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{B0987CDF-5E0C-4EA0-8874-F82635CDCF8E}] => (Allow) LPort=2869
FirewallRules: [{74745869-A4E9-4FBE-96A4-022439EA9B27}] => (Allow) LPort=1900
FirewallRules: [{E7A0EB6D-E6CD-4435-BE11-78A235CFC832}] => (Allow) C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B03D0B6A-CE89-4DDD-A977-1FC997D67B47}] => (Allow) C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{20D9E989-826A-48C9-BB50-D4B8627DA866}] => (Allow) C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FF840E4A-A45E-4E56-875F-D480A1F19BC0}] => (Allow) C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C4D4AFD-DB92-44C6-91C4-C9303E3F98B8}] => (Allow) C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
FirewallRules: [{A4CE6D93-63B5-4A18-98E0-9EBAE0836475}] => (Allow) C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe
FirewallRules: [{01CE8D25-FD82-451B-AAFB-156D091B5159}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1838C60C-D6B2-4872-AD2D-E64649ED6B63}] => (Allow) LPort=2869
FirewallRules: [{04016D3F-B1F8-44EE-B84C-218F4AE45BB7}] => (Allow) LPort=1900
FirewallRules: [{6DF2FDE9-F44D-4A5F-B31C-BE94232DE1E6}] => (Allow) LPort=2869
FirewallRules: [{8B31C926-EC59-422E-B1ED-3B8707C98F3D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{5CE91FA5-55B9-4312-8457-4F8D5373F1F9}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{267E49EF-91D1-4F98-A6A8-8C75DB9748CE}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{732F6F78-452B-4FF5-BD8E-CC1CBB89FA0B}] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{68A5A03A-78A1-4692-8D88-A62ADE623EEE}] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{C8E033D2-DC16-456D-ADE9-76D4497A2664}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{C3B527DB-C8E6-4693-BDBE-707BC8CA0070}] => (Allow) J:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A49660A-59AE-4E9F-8E43-7A9448819F1F}] => (Allow) J:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{029FC313-F3C4-4131-A5C3-D36E5C4935A2}] => (Allow) J:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{678FAC30-457D-403C-B59B-4A91AEC2D00B}] => (Allow) J:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{571FA58C-669B-4098-89D8-CABF1B6081F9}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{26609E86-AF23-407F-AC61-D07543ED4037}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{4BA05AD4-5717-44C3-B3D0-02ED6B5F0B2A}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{066E6986-24C2-46B4-A03A-E4E8C8769A32}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{8B9C0E0F-7C2B-4E44-A24D-D93A3432EFEE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{94417749-57F3-461C-B3A3-727DE3D6B3DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6EAF7574-490A-4DC4-9338-29B88CC313E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{13B766FB-6E80-4285-8379-6067579091F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BF77451E-04D1-4AD3-96CE-EDC54FE53633}] => (Allow) LPort=2869
FirewallRules: [{1CEFF440-924F-4054-A1F9-A1E73F189E18}] => (Allow) LPort=1900
FirewallRules: [{471F5D93-B2B7-4063-A762-E300A39ECADD}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{36EB3067-E87B-497A-A104-39167627D8FE}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{7137EB03-A403-4C09-9210-87EE6D1A95CD}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\FEAR Online\Launcher.exe
FirewallRules: [{45638A99-098E-4410-B7FB-F47EECDC25F2}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\FEAR Online\Launcher.exe
FirewallRules: [{3F4CE837-780C-4076-947C-3E71B19480BA}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EC0D51AC-6E0E-4050-AD50-C47A0F3C53E6}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{9F59E1FA-5539-46F6-B179-8D831E545703}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{6DFF4C49-9E26-4C3A-80D6-228A1BEE1CCD}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{580819B6-506B-4736-87BB-2E1C9709D993}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{482B0869-1B99-4125-A60D-C973C37D1F94}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{8FAB2FC1-A934-498B-8388-4CB6FB4DEFDA}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{0EA1A2F2-C60F-48E0-A3E8-2EE929812DAD}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{C8EF03F7-DAC0-44C5-8CC9-B50CC66151A4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{5FAB3420-4334-484C-9866-55A480A9EE0C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{4E194C55-208A-4B11-BE1D-E2F4D0DA0EC9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{F812207C-1B8C-47C8-A8DF-34C4A10E1F38}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{33C68D2F-6343-4D2F-8E48-63E7C2D695ED}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{70B0D4CA-ACFE-49D6-969D-59BB6D8D798A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6A4C7BDD-A8BF-4AED-A75C-8D735DB469EE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3BE62217-282D-4A76-B084-7A4AE4D63E5B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{24F72692-962F-40BF-A07C-B670F5795568}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E9D1C6D3-4595-4F90-88A7-08E9F9575784}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3BF6205A-C2C2-4203-B5E8-7C9D80999813}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{4F31414B-B4FE-403B-A5DC-7DBC55DF4F67}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{89771EB9-CC4A-49F2-BC8C-6A4EAE41375C}] => (Allow) C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe
FirewallRules: [{225C5FF3-F491-4AFF-AD9E-A1E66E903797}] => (Allow) C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe
FirewallRules: [{DDFBC23D-71EF-4334-96CC-0BB7FBBD0C83}] => (Allow) C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe
FirewallRules: [{98D96D60-D72D-4B73-8A36-FD9A1AF7346E}] => (Allow) C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe
FirewallRules: [{9CA5C691-EB3C-4718-BF4F-7FB51894A9AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{70C8034B-452E-40C8-A333-3F99E317CE71}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{21A6E85D-1146-4533-A43F-3F6053590A6D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{D635338C-FED3-4A80-9795-B0DFDA7AC9AA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\ASUSDMS.exe
FirewallRules: [{74711878-4127-4581-AA83-B0CF79CFFC80}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\ASUSDMS.exe
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR946x-Funknetzwerkadapter
Description: Qualcomm Atheros AR946x-Funknetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Leaf Networks Adapter
Description: Leaf Networks Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Leaf Networks
Service: leafnets
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/20/2015 01:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/20/2015 00:00:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x74c
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/20/2015 11:41:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x7cc
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/20/2015 11:26:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x480
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/20/2015 11:13:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/20/2015 07:47:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x750
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/20/2015 07:34:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x1890
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/18/2015 09:31:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x730
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/18/2015 09:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DipAwayMode.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x40010006
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0xf60
Startzeit der fehlerhaften Anwendung: 0xDipAwayMode.exe0
Pfad der fehlerhaften Anwendung: DipAwayMode.exe1
Pfad des fehlerhaften Moduls: DipAwayMode.exe2
Berichtskennung: DipAwayMode.exe3
Vollständiger Name des fehlerhaften Pakets: DipAwayMode.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DipAwayMode.exe5
Error: (05/18/2015 09:17:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
System errors:
=============
Error: (05/20/2015 01:03:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000101 (0x0000000000000018, 0x0000000000000000, 0xffffd00063ab9180, 0x0000000000000005)C:\Windows\MEMORY.DMP052015-6875-01
Error: (05/20/2015 01:03:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.05.2015 um 12:00:14 unerwartet heruntergefahren.
Error: (05/20/2015 11:59:32 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (05/20/2015 11:59:32 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/20/2015 11:59:20 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/20/2015 11:58:55 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/20/2015 11:58:55 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/20/2015 11:58:55 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/20/2015 11:58:55 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/20/2015 11:58:55 AM) (Source: DCOM) (EventID: 10005) (User: LOTTER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-06 03:05:49.463
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-11-02 20:37:54.935
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-25 05:29:29.476
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.584
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.396
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.336
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 19:34:31.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 13%
Total physical RAM: 16321.87 MB
Available physical RAM: 14117.34 MB
Total Pagefile: 32705.87 MB
Available Pagefile: 29922.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:132.79 GB) NTFS
Drive d: (Auslagerung) (Fixed) (Total:298.09 GB) (Free:296.08 GB) NTFS
Drive j: () (Fixed) (Total:931.51 GB) (Free:633.07 GB) NTFS
Drive o: (Wechselfestplatte) (Fixed) (Total:931.48 GB) (Free:488.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AD4C1589)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: AE2A3681)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D83CD83C)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 07A6466F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
21.05.2015, 07:51
| #4 |
| /// the machine /// TB-Ausbilder | TR/Coinminer.J bei win 8.1 nicht zu entfernen MBAm updaten, scannen, Funde löschen. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.05.2015, 11:27
| #5 |
| | TR/Coinminer.J bei win 8.1 nicht zu entfernenCode:
ATTFilter # AdwCleaner v4.204 - Bericht erstellt 21/05/2015 um 12:19:18
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : caroline - LOTTER
# Gestarted von : C:\Users\caroline\Desktop\AdwCleaner_4.204.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v43.0.2357.65
*************************
AdwCleaner[R0].txt - [1103 Bytes] - [21/05/2015 12:16:29]
AdwCleaner[R1].txt - [1163 Bytes] - [21/05/2015 12:17:39]
AdwCleaner[S0].txt - [1037 Bytes] - [21/05/2015 12:19:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1096 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 8.1 x64
Ran by caroline on 21.05.2015 at 12:23:40,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2499066365-3350258436-517844590-1001
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\caroline\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.05.2015 at 12:24:46,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by caroline (administrator) on LOTTER on 21-05-2015 12:25:57
Running from C:\Users\caroline\Desktop
Loaded Profiles: caroline (Available profiles: caroline)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Sphinx Software) C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows8FirewallControl] => C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe [1205248 2013-09-30] (Sphinx Software)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [TMController] => C:\Windows\SysWOW64\TMController.exe [184396 2006-08-24] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-27] (Atheros Communications)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [EADM] => J:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-11] (Electronic Arts)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [GoogleChromeAutoLaunch_E50409BE88589B0A7F68BA91928A79AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-05-27] (Qualcomm Atheros Commnucations)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2499066365-3350258436-517844590-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-01] ()
Chrome:
=======
CHR Profile: C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SafeSearch) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-05-20]
CHR Extension: (Avira Browser Safety) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-20]
CHR Extension: (Bookmark Manager) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-20]
CHR Extension: (Psykopaint) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-05-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-05-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe [1660728 2013-07-31] (ASUSTeK Computer Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-27] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-20] (SurfRight B.V.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; J:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 Windows8FirewallService; C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe [3806720 2013-09-30] (Sphinx Software) [File not signed]
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-27] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 AsusSensorSimulator; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 asusvad_micarray; C:\Windows\system32\drivers\vmic_x64.sys [38712 2013-02-27] (ASUS SZ provider)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-27] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 Fwleaf; C:\Windows\system32\DRIVERS\fwleaf.sys [27872 2013-12-23] (NETGEAR)
R3 leafnets; C:\Windows\system32\DRIVERS\leafnets.sys [29696 2013-02-05] (Leaf Networks)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-21 12:24 - 2015-05-21 12:24 - 00000888 _____ () C:\Users\caroline\Desktop\JRT.txt
2015-05-21 12:23 - 2015-05-21 12:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LOTTER-Windows-8.1-(64-bit).dat
2015-05-21 12:23 - 2015-05-21 12:23 - 00000000 ____D () C:\RegBackup
2015-05-21 12:22 - 2015-05-21 12:22 - 02720009 _____ (Thisisu) C:\Users\caroline\Desktop\JRT.exe
2015-05-21 12:22 - 2015-05-21 12:22 - 02209792 _____ () C:\Users\caroline\Downloads\AdwCleaner_4.204.exe
2015-05-21 12:20 - 2015-05-21 12:20 - 00000000 ___RD () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-21 12:19 - 2015-05-21 12:19 - 00001163 _____ () C:\Users\caroline\Desktop\AdwCleaner[R1].txt
2015-05-21 12:16 - 2015-05-21 12:19 - 00000000 ____D () C:\AdwCleaner
2015-05-21 12:15 - 2015-05-21 12:15 - 02209792 _____ () C:\Users\caroline\Desktop\AdwCleaner_4.204.exe
2015-05-20 13:22 - 2015-05-20 13:22 - 00022917 _____ () C:\Users\caroline\Desktop\Gmer.txt
2015-05-20 13:16 - 2015-05-21 12:25 - 00018478 _____ () C:\Users\caroline\Desktop\FRST.txt
2015-05-20 13:16 - 2015-05-21 12:25 - 00000000 ____D () C:\FRST
2015-05-20 13:16 - 2015-05-20 13:17 - 00048405 _____ () C:\Users\caroline\Desktop\Addition.txt
2015-05-20 13:15 - 2015-05-20 13:15 - 00000478 _____ () C:\Users\caroline\Desktop\defogger_disable.log
2015-05-20 13:15 - 2015-05-20 13:15 - 00000000 _____ () C:\Users\caroline\defogger_reenable
2015-05-20 13:11 - 2015-05-20 13:11 - 02107904 _____ (Farbar) C:\Users\caroline\Desktop\FRST64.exe
2015-05-20 13:11 - 2015-05-20 13:11 - 00380416 _____ () C:\Users\caroline\Desktop\Gmer-19357.exe
2015-05-20 13:10 - 2015-05-20 13:10 - 00050477 _____ () C:\Users\caroline\Desktop\Defogger.exe
2015-05-20 13:03 - 2015-05-20 13:03 - 00281248 _____ () C:\Windows\Minidump\052015-6875-01.dmp
2015-05-20 11:36 - 2015-05-20 11:36 - 00001475 _____ () C:\Users\caroline\Desktop\trojaner.txt
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-20 07:55 - 2015-05-20 08:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-20 07:43 - 2015-05-20 12:04 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 07:43 - 2015-05-20 08:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000860 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-18 21:30 - 2015-05-18 21:30 - 00001250 _____ () C:\Users\caroline\Desktop\mal2.txt
2015-05-18 21:18 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:18 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:09 - 2015-05-18 21:09 - 00001538 _____ () C:\Users\caroline\Desktop\malware.txt
2015-05-18 21:00 - 2015-05-20 11:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 21:00 - 2015-05-18 21:00 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 21:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 20:50 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 20:50 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 20:50 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-18 20:50 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-18 20:50 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-18 20:50 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-18 20:50 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-18 20:50 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-18 20:50 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-18 20:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 20:49 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 20:49 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 20:49 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 20:49 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 20:49 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 20:49 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 20:49 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 20:49 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 20:49 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 20:49 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 20:49 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 20:49 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 20:49 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 20:49 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 20:49 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 20:49 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 20:49 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 20:49 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 20:49 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 20:49 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 20:49 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 20:49 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 20:49 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 20:49 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-18 20:49 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-18 20:49 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-18 20:49 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-18 20:49 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-18 20:49 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 20:49 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-18 20:49 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-18 20:49 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-18 20:49 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-18 20:49 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 20:49 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 20:49 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 20:49 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-18 20:49 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-18 20:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 20:49 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-18 19:44 - 2015-05-18 19:44 - 00000000 ____D () C:\ProgramData\GFI Software
2015-05-16 20:40 - 2015-05-20 11:43 - 00006118 _____ () C:\Windows\PFRO.log
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-16 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-15 21:08 - 2015-05-21 12:19 - 00003480 _____ () C:\Windows\setupact.log
2015-05-15 21:08 - 2015-05-15 21:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-26 09:49 - 2015-04-26 09:49 - 00000146 _____ () C:\Users\caroline\Desktop\Sound - Verknüpfung (2).lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00002141 _____ () C:\Users\caroline\Desktop\JDownloader 2.lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-25 19:13 - 2015-05-18 20:44 - 00000000 ____D () C:\Users\caroline\AppData\Local\JDownloader v2.0
2015-04-25 19:07 - 2015-04-25 19:10 - 00231544 _____ () C:\Users\caroline\Desktop\Install JDownloader 2 BETA.exe
2015-04-23 20:59 - 2015-04-23 20:59 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\WinRAR
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-21 12:25 - 2014-05-23 17:43 - 00000000 _____ () C:\Windows\Path.idx
2015-05-21 12:25 - 2014-05-22 18:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 12:25 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-21 12:25 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-21 12:21 - 2014-06-02 20:14 - 01750180 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 12:20 - 2014-12-02 13:04 - 00059913 _____ () C:\Windows\temp023423.vbe
2015-05-21 12:20 - 2014-05-23 18:20 - 00000000 ___RD () C:\Users\caroline\Dropbox
2015-05-21 12:20 - 2014-05-23 18:18 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Dropbox
2015-05-21 12:20 - 2014-05-23 17:31 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-05-21 12:20 - 2014-05-23 17:31 - 00000000 ____D () C:\Users\caroline\AppData\Local\CrashDumps
2015-05-21 12:20 - 2014-05-22 18:38 - 00000000 ___DO () C:\Users\caroline\SkyDrive
2015-05-21 12:19 - 2015-01-11 12:28 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 12:19 - 2014-05-22 18:42 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-21 12:19 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 12:19 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-20 20:35 - 2014-05-22 22:17 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\vlc
2015-05-20 20:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 17:51 - 2015-01-11 12:28 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 17:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-20 16:40 - 2014-12-30 17:03 - 00000000 ____D () C:\ProgramData\Origin
2015-05-20 16:13 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 16:13 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 16:13 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 16:00 - 2014-05-23 18:35 - 00000000 ____D () C:\Users\caroline\AppData\Local\Microsoft Help
2015-05-20 15:46 - 2014-11-30 22:06 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-20 14:56 - 2014-05-22 12:50 - 00018432 ___SH () C:\Users\caroline\Desktop\Thumbs.db
2015-05-20 13:26 - 2014-05-22 18:37 - 00000000 ____D () C:\Users\caroline
2015-05-20 13:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-20 13:13 - 2014-05-23 20:04 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 13:11 - 2014-05-23 20:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 13:11 - 2014-05-23 20:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-20 13:03 - 2014-12-30 20:13 - 676292187 _____ () C:\Windows\MEMORY.DMP
2015-05-20 13:03 - 2014-05-23 17:36 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 11:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2015-05-20 07:57 - 2013-08-22 16:45 - 00000000 ____D () C:\Windows\Setup
2015-05-20 07:52 - 2015-01-11 12:28 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 07:38 - 2014-05-22 18:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E73E662-1021-46F4-9D3F-D6EABFA012B6}
2015-05-20 07:37 - 2014-05-23 20:04 - 00000000 ____D () C:\Users\caroline\AppData\Local\Adobe
2015-05-20 07:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 21:21 - 2013-08-22 16:44 - 05147224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 21:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-18 21:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 21:19 - 2014-05-23 18:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 21:17 - 2014-05-23 17:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 21:15 - 2014-05-23 17:52 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 21:13 - 2014-06-15 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 21:12 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 20:48 - 2014-05-23 18:19 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 20:46 - 2015-01-11 12:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 20:46 - 2015-01-11 12:28 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 20:45 - 2015-01-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-05-18 20:45 - 2013-08-23 01:26 - 00000000 ____D () C:\Windows\ShellNew
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 __RSD () C:\Windows\Media
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 20:44 - 2015-01-11 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 20:44 - 2014-12-30 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-05-18 20:44 - 2014-06-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-05-18 20:44 - 2014-05-22 18:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 20:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-13 15:21 - 2014-11-30 21:52 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\TS3Client
2015-05-05 19:59 - 2014-12-10 19:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-12-10 19:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 19:46 - 2015-03-13 21:23 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-01 19:46 - 2014-12-01 22:02 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-01 19:46 - 2014-12-01 20:56 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-29 07:46 - 2014-06-05 14:37 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\dvdcss
2015-04-27 23:30 - 2014-08-18 20:42 - 00000659 _____ () C:\Windows\MB.idx
2015-04-26 11:31 - 2014-05-22 18:25 - 00000000 __SHD () C:\Recovery
2015-04-24 21:24 - 2014-06-02 20:16 - 00111616 ___SH () C:\Users\caroline\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-08-13 19:36 - 2014-08-13 19:36 - 0000132 _____ () C:\Users\caroline\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-05-23 20:25 - 2014-09-23 12:36 - 0001456 _____ () C:\Users\caroline\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-23 19:46 - 2014-05-23 19:46 - 0007597 _____ () C:\Users\caroline\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\caroline\AppData\Roaming\Origin\update.vbe
Some content of TEMP:
====================
C:\Users\caroline\AppData\Local\Temp\130744555063113512.exe
C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe
C:\Users\caroline\AppData\Local\Temp\avgnt.exe
C:\Users\caroline\AppData\Local\Temp\dllnt_dump.dll
C:\Users\caroline\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgn7cc.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole5400650792649316619.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole837397058756432899.dll
C:\Users\caroline\AppData\Local\Temp\Quarantine.exe
C:\Users\caroline\AppData\Local\Temp\sonarinst.exe
C:\Users\caroline\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-16 20:20
==================== End Of Log ============================
--- --- --- --- --- --- danke für deine Unterstützung FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by caroline (administrator) on LOTTER on 21-05-2015 12:25:57
Running from C:\Users\caroline\Desktop
Loaded Profiles: caroline (Available profiles: caroline)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Sphinx Software) C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows8FirewallControl] => C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe [1205248 2013-09-30] (Sphinx Software)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [TMController] => C:\Windows\SysWOW64\TMController.exe [184396 2006-08-24] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-27] (Atheros Communications)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [EADM] => J:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-11] (Electronic Arts)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [GoogleChromeAutoLaunch_E50409BE88589B0A7F68BA91928A79AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-05-27] (Qualcomm Atheros Commnucations)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2499066365-3350258436-517844590-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-01] ()
Chrome:
=======
CHR Profile: C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SafeSearch) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-05-20]
CHR Extension: (Avira Browser Safety) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-20]
CHR Extension: (Bookmark Manager) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-20]
CHR Extension: (Psykopaint) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-05-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-05-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe [1660728 2013-07-31] (ASUSTeK Computer Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-27] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-20] (SurfRight B.V.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; J:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 Windows8FirewallService; C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe [3806720 2013-09-30] (Sphinx Software) [File not signed]
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-27] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 AsusSensorSimulator; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 asusvad_micarray; C:\Windows\system32\drivers\vmic_x64.sys [38712 2013-02-27] (ASUS SZ provider)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-27] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 Fwleaf; C:\Windows\system32\DRIVERS\fwleaf.sys [27872 2013-12-23] (NETGEAR)
R3 leafnets; C:\Windows\system32\DRIVERS\leafnets.sys [29696 2013-02-05] (Leaf Networks)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-21 12:24 - 2015-05-21 12:24 - 00000888 _____ () C:\Users\caroline\Desktop\JRT.txt
2015-05-21 12:23 - 2015-05-21 12:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LOTTER-Windows-8.1-(64-bit).dat
2015-05-21 12:23 - 2015-05-21 12:23 - 00000000 ____D () C:\RegBackup
2015-05-21 12:22 - 2015-05-21 12:22 - 02720009 _____ (Thisisu) C:\Users\caroline\Desktop\JRT.exe
2015-05-21 12:22 - 2015-05-21 12:22 - 02209792 _____ () C:\Users\caroline\Downloads\AdwCleaner_4.204.exe
2015-05-21 12:20 - 2015-05-21 12:20 - 00000000 ___RD () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-21 12:19 - 2015-05-21 12:19 - 00001163 _____ () C:\Users\caroline\Desktop\AdwCleaner[R1].txt
2015-05-21 12:16 - 2015-05-21 12:19 - 00000000 ____D () C:\AdwCleaner
2015-05-21 12:15 - 2015-05-21 12:15 - 02209792 _____ () C:\Users\caroline\Desktop\AdwCleaner_4.204.exe
2015-05-20 13:22 - 2015-05-20 13:22 - 00022917 _____ () C:\Users\caroline\Desktop\Gmer.txt
2015-05-20 13:16 - 2015-05-21 12:25 - 00018478 _____ () C:\Users\caroline\Desktop\FRST.txt
2015-05-20 13:16 - 2015-05-21 12:25 - 00000000 ____D () C:\FRST
2015-05-20 13:16 - 2015-05-20 13:17 - 00048405 _____ () C:\Users\caroline\Desktop\Addition.txt
2015-05-20 13:15 - 2015-05-20 13:15 - 00000478 _____ () C:\Users\caroline\Desktop\defogger_disable.log
2015-05-20 13:15 - 2015-05-20 13:15 - 00000000 _____ () C:\Users\caroline\defogger_reenable
2015-05-20 13:11 - 2015-05-20 13:11 - 02107904 _____ (Farbar) C:\Users\caroline\Desktop\FRST64.exe
2015-05-20 13:11 - 2015-05-20 13:11 - 00380416 _____ () C:\Users\caroline\Desktop\Gmer-19357.exe
2015-05-20 13:10 - 2015-05-20 13:10 - 00050477 _____ () C:\Users\caroline\Desktop\Defogger.exe
2015-05-20 13:03 - 2015-05-20 13:03 - 00281248 _____ () C:\Windows\Minidump\052015-6875-01.dmp
2015-05-20 11:36 - 2015-05-20 11:36 - 00001475 _____ () C:\Users\caroline\Desktop\trojaner.txt
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-20 07:55 - 2015-05-20 08:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-20 07:43 - 2015-05-20 12:04 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 07:43 - 2015-05-20 08:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000860 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-18 21:30 - 2015-05-18 21:30 - 00001250 _____ () C:\Users\caroline\Desktop\mal2.txt
2015-05-18 21:18 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:18 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:09 - 2015-05-18 21:09 - 00001538 _____ () C:\Users\caroline\Desktop\malware.txt
2015-05-18 21:00 - 2015-05-20 11:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 21:00 - 2015-05-18 21:00 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 21:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 20:50 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 20:50 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 20:50 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-18 20:50 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-18 20:50 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-18 20:50 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-18 20:50 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-18 20:50 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-18 20:50 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-18 20:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 20:49 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 20:49 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 20:49 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 20:49 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 20:49 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 20:49 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 20:49 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 20:49 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 20:49 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 20:49 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 20:49 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 20:49 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 20:49 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 20:49 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 20:49 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 20:49 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 20:49 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 20:49 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 20:49 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 20:49 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 20:49 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 20:49 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 20:49 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 20:49 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-18 20:49 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-18 20:49 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-18 20:49 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-18 20:49 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-18 20:49 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 20:49 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-18 20:49 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-18 20:49 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-18 20:49 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-18 20:49 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 20:49 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 20:49 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 20:49 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-18 20:49 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-18 20:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 20:49 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-18 19:44 - 2015-05-18 19:44 - 00000000 ____D () C:\ProgramData\GFI Software
2015-05-16 20:40 - 2015-05-20 11:43 - 00006118 _____ () C:\Windows\PFRO.log
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-16 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-15 21:08 - 2015-05-21 12:19 - 00003480 _____ () C:\Windows\setupact.log
2015-05-15 21:08 - 2015-05-15 21:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-26 09:49 - 2015-04-26 09:49 - 00000146 _____ () C:\Users\caroline\Desktop\Sound - Verknüpfung (2).lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00002141 _____ () C:\Users\caroline\Desktop\JDownloader 2.lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-25 19:13 - 2015-05-18 20:44 - 00000000 ____D () C:\Users\caroline\AppData\Local\JDownloader v2.0
2015-04-25 19:07 - 2015-04-25 19:10 - 00231544 _____ () C:\Users\caroline\Desktop\Install JDownloader 2 BETA.exe
2015-04-23 20:59 - 2015-04-23 20:59 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\WinRAR
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-21 12:25 - 2014-05-23 17:43 - 00000000 _____ () C:\Windows\Path.idx
2015-05-21 12:25 - 2014-05-22 18:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 12:25 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-21 12:25 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-21 12:21 - 2014-06-02 20:14 - 01750180 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 12:20 - 2014-12-02 13:04 - 00059913 _____ () C:\Windows\temp023423.vbe
2015-05-21 12:20 - 2014-05-23 18:20 - 00000000 ___RD () C:\Users\caroline\Dropbox
2015-05-21 12:20 - 2014-05-23 18:18 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Dropbox
2015-05-21 12:20 - 2014-05-23 17:31 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-05-21 12:20 - 2014-05-23 17:31 - 00000000 ____D () C:\Users\caroline\AppData\Local\CrashDumps
2015-05-21 12:20 - 2014-05-22 18:38 - 00000000 ___DO () C:\Users\caroline\SkyDrive
2015-05-21 12:19 - 2015-01-11 12:28 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 12:19 - 2014-05-22 18:42 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-21 12:19 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 12:19 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-20 20:35 - 2014-05-22 22:17 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\vlc
2015-05-20 20:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 17:51 - 2015-01-11 12:28 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 17:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-20 16:40 - 2014-12-30 17:03 - 00000000 ____D () C:\ProgramData\Origin
2015-05-20 16:13 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 16:13 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 16:13 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 16:00 - 2014-05-23 18:35 - 00000000 ____D () C:\Users\caroline\AppData\Local\Microsoft Help
2015-05-20 15:46 - 2014-11-30 22:06 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-20 14:56 - 2014-05-22 12:50 - 00018432 ___SH () C:\Users\caroline\Desktop\Thumbs.db
2015-05-20 13:26 - 2014-05-22 18:37 - 00000000 ____D () C:\Users\caroline
2015-05-20 13:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-20 13:13 - 2014-05-23 20:04 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 13:11 - 2014-05-23 20:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 13:11 - 2014-05-23 20:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-20 13:03 - 2014-12-30 20:13 - 676292187 _____ () C:\Windows\MEMORY.DMP
2015-05-20 13:03 - 2014-05-23 17:36 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 11:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2015-05-20 07:57 - 2013-08-22 16:45 - 00000000 ____D () C:\Windows\Setup
2015-05-20 07:52 - 2015-01-11 12:28 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 07:38 - 2014-05-22 18:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E73E662-1021-46F4-9D3F-D6EABFA012B6}
2015-05-20 07:37 - 2014-05-23 20:04 - 00000000 ____D () C:\Users\caroline\AppData\Local\Adobe
2015-05-20 07:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 21:21 - 2013-08-22 16:44 - 05147224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 21:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-18 21:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 21:19 - 2014-05-23 18:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 21:17 - 2014-05-23 17:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 21:15 - 2014-05-23 17:52 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 21:13 - 2014-06-15 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 21:12 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 20:48 - 2014-05-23 18:19 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 20:46 - 2015-01-11 12:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 20:46 - 2015-01-11 12:28 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 20:45 - 2015-01-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-05-18 20:45 - 2013-08-23 01:26 - 00000000 ____D () C:\Windows\ShellNew
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 __RSD () C:\Windows\Media
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 20:44 - 2015-01-11 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 20:44 - 2014-12-30 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-05-18 20:44 - 2014-06-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-05-18 20:44 - 2014-05-22 18:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 20:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-13 15:21 - 2014-11-30 21:52 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\TS3Client
2015-05-05 19:59 - 2014-12-10 19:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-12-10 19:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 19:46 - 2015-03-13 21:23 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-01 19:46 - 2014-12-01 22:02 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-01 19:46 - 2014-12-01 20:56 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-29 07:46 - 2014-06-05 14:37 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\dvdcss
2015-04-27 23:30 - 2014-08-18 20:42 - 00000659 _____ () C:\Windows\MB.idx
2015-04-26 11:31 - 2014-05-22 18:25 - 00000000 __SHD () C:\Recovery
2015-04-24 21:24 - 2014-06-02 20:16 - 00111616 ___SH () C:\Users\caroline\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-08-13 19:36 - 2014-08-13 19:36 - 0000132 _____ () C:\Users\caroline\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-05-23 20:25 - 2014-09-23 12:36 - 0001456 _____ () C:\Users\caroline\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-23 19:46 - 2014-05-23 19:46 - 0007597 _____ () C:\Users\caroline\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\caroline\AppData\Roaming\Origin\update.vbe
Some content of TEMP:
====================
C:\Users\caroline\AppData\Local\Temp\130744555063113512.exe
C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe
C:\Users\caroline\AppData\Local\Temp\avgnt.exe
C:\Users\caroline\AppData\Local\Temp\dllnt_dump.dll
C:\Users\caroline\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgn7cc.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole5400650792649316619.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole837397058756432899.dll
C:\Users\caroline\AppData\Local\Temp\Quarantine.exe
C:\Users\caroline\AppData\Local\Temp\sonarinst.exe
C:\Users\caroline\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-16 20:20
==================== End Of Log ============================
--- --- --- |
|
22.05.2015, 06:52
| #6 |
| /// the machine /// TB-Ausbilder | TR/Coinminer.J bei win 8.1 nicht zu entfernenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> TR/Coinminer.J bei win 8.1 nicht zu entfernen |
|
22.05.2015, 16:44
| #7 |
| | Damit ich es nicht vergesse wärend Eset sucht Irgendwas blockiert die Verbindung der Scannprogramme mit den Updateservern zur Zeit bei eset der Fall Ich kann die Updates und Scans nur im abgesicherten Modus starten. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6ba2ce629b55134d843f0ead89340cff
# engine=23969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-22 11:00:00
# local_time=2015-05-22 01:00:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.3.9600 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777214 100 99 13366737 18223085 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5318719 18975625 0 0
# scanned=327869
# found=11
# cleaned=0
# scan_time=2464
sh=3980706516FB15D8D3E85EC3EACBC6C5FAD2B703 ft=1 fh=a9158a412e32c438 vn="Variante von Win32/InstallCore.XB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe"
sh=ADB79C58729182B9C0926D43F332489B76DB42F5 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CI Trojaner" ac=I fn="C:\Users\caroline\AppData\Roaming\Origin\update.vbe"
sh=1896BA306DA014C884E435A51AF9111B92ED68F9 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CJ Trojaner" ac=I fn="C:\Windows\temp023423.vbe"
sh=1896BA306DA014C884E435A51AF9111B92ED68F9 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CJ Trojaner" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=1896BA306DA014C884E435A51AF9111B92ED68F9 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CJ Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=139B0CF7965D1B9424705F379F1C62D380711BA7 ft=1 fh=f4ccffc2221c57cc vn="Variante von Win64/CoinMiner.X Trojaner" ac=I fn="C:\Windows\Temp\lsass.exe"
sh=570E7E1CCF07768DA86EDC8CEF802B39E6B5100A ft=1 fh=6b77f97216af4318 vn="Variante von Win32/4Shared.P evtl. unerwünschte Anwendung" ac=I fn="J:\hp\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000"
sh=52689216B22D07878BA3A87D5757722876FC2B87 ft=1 fh=d53c1db70e65dbbd vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="J:\hp\AppData\Roaming\Mozilla\Firefox\Profiles\jnvkrrwr.default\extensions\ffxtlbr@zonealarm.com\uninstall.exe"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="J:\hp\AppData\Roaming\OpenCandy\3FE8404EDC474E97A36387103A0263A6\DeltaTB.exe"
sh=94218B7B9088F4BFD50260491546923AD6BA516F ft=1 fh=d7b957bc71db7756 vn="Variante von MSIL/Toolbar.Linkury.P evtl. unerwünschte Anwendung" ac=I fn="J:\hp\AppData\Roaming\OpenCandy\F198B19A7DB54639BD5C9703BAB966AC\SmartbarExeInstaller.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="J:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.001
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Windows Defender
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Java version 32-bit out of Date!
Google Chrome (42.0.2311.135)
Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows8FirewallControl Windows8FirewallService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by caroline (administrator) on LOTTER on 22-05-2015 15:26:25
Running from C:\Users\caroline\Desktop
Loaded Profiles: caroline (Available profiles: caroline)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\AMD\amdacpusrsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Windows\SysWOW64\TMController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
() C:\Users\caroline\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows8FirewallControl] => C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe [1205248 2013-09-30] (Sphinx Software)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [TMController] => C:\Windows\SysWOW64\TMController.exe [184396 2006-08-24] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-27] (Atheros Communications)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [EADM] => J:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-11] (Electronic Arts)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\...\Run: [GoogleChromeAutoLaunch_E50409BE88589B0A7F68BA91928A79AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-2499066365-3350258436-517844590-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-05-27] (Qualcomm Atheros Commnucations)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2499066365-3350258436-517844590-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-01] ()
Chrome:
=======
CHR Profile: C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SafeSearch) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-05-20]
CHR Extension: (Avira Browser Safety) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-20]
CHR Extension: (Bookmark Manager) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-20]
CHR Extension: (Psykopaint) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-05-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-05-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe [1660728 2013-07-31] (ASUSTeK Computer Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-27] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-20] (SurfRight B.V.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; J:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 Windows8FirewallService; C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe [3806720 2013-09-30] (Sphinx Software) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-27] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 AsusSensorSimulator; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
R3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 asusvad_micarray; C:\Windows\system32\drivers\vmic_x64.sys [38712 2013-02-27] (ASUS SZ provider)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-27] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 Fwleaf; C:\Windows\system32\DRIVERS\fwleaf.sys [27872 2013-12-23] (NETGEAR)
R3 leafnets; C:\Windows\system32\DRIVERS\leafnets.sys [29696 2013-02-05] (Leaf Networks)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-22 15:26 - 2015-05-22 15:26 - 00000999 _____ () C:\Users\caroline\Desktop\checkup.txt
2015-05-22 15:24 - 2015-05-22 15:24 - 00852630 _____ () C:\Users\caroline\Desktop\SecurityCheck.exe
2015-05-22 15:23 - 2015-05-22 15:23 - 00000000 ___RD () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-22 12:10 - 2015-05-22 12:10 - 02347384 _____ (ESET) C:\Users\caroline\Desktop\esetsmartinstaller_deu.exe
2015-05-22 12:10 - 2015-05-22 12:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-21 12:24 - 2015-05-21 12:24 - 00000888 _____ () C:\Users\caroline\Desktop\JRT.txt
2015-05-21 12:23 - 2015-05-21 12:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LOTTER-Windows-8.1-(64-bit).dat
2015-05-21 12:23 - 2015-05-21 12:23 - 00000000 ____D () C:\RegBackup
2015-05-21 12:22 - 2015-05-21 12:22 - 02720009 _____ (Thisisu) C:\Users\caroline\Desktop\JRT.exe
2015-05-21 12:22 - 2015-05-21 12:22 - 02209792 _____ () C:\Users\caroline\Downloads\AdwCleaner_4.204.exe
2015-05-21 12:19 - 2015-05-21 12:19 - 00001163 _____ () C:\Users\caroline\Desktop\AdwCleaner[R1].txt
2015-05-21 12:16 - 2015-05-21 12:19 - 00000000 ____D () C:\AdwCleaner
2015-05-21 12:15 - 2015-05-21 12:15 - 02209792 _____ () C:\Users\caroline\Desktop\AdwCleaner_4.204.exe
2015-05-20 13:22 - 2015-05-20 13:22 - 00022917 _____ () C:\Users\caroline\Desktop\Gmer.txt
2015-05-20 13:16 - 2015-05-22 15:26 - 00021891 _____ () C:\Users\caroline\Desktop\FRST.txt
2015-05-20 13:16 - 2015-05-22 15:26 - 00000000 ____D () C:\FRST
2015-05-20 13:16 - 2015-05-20 13:17 - 00048405 _____ () C:\Users\caroline\Desktop\Addition.txt
2015-05-20 13:15 - 2015-05-20 13:15 - 00000478 _____ () C:\Users\caroline\Desktop\defogger_disable.log
2015-05-20 13:15 - 2015-05-20 13:15 - 00000000 _____ () C:\Users\caroline\defogger_reenable
2015-05-20 13:11 - 2015-05-20 13:11 - 02107904 _____ (Farbar) C:\Users\caroline\Desktop\FRST64.exe
2015-05-20 13:11 - 2015-05-20 13:11 - 00380416 _____ () C:\Users\caroline\Desktop\Gmer-19357.exe
2015-05-20 13:10 - 2015-05-20 13:10 - 00050477 _____ () C:\Users\caroline\Desktop\Defogger.exe
2015-05-20 13:03 - 2015-05-20 13:03 - 00281248 _____ () C:\Windows\Minidump\052015-6875-01.dmp
2015-05-20 11:36 - 2015-05-20 11:36 - 00001475 _____ () C:\Users\caroline\Desktop\trojaner.txt
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-20 07:56 - 2015-05-20 07:56 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-20 07:55 - 2015-05-20 08:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-20 07:43 - 2015-05-20 12:04 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 07:43 - 2015-05-20 08:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000860 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-20 07:43 - 2015-05-20 07:43 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-18 21:30 - 2015-05-18 21:30 - 00001250 _____ () C:\Users\caroline\Desktop\mal2.txt
2015-05-18 21:18 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:18 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 21:09 - 2015-05-18 21:09 - 00001538 _____ () C:\Users\caroline\Desktop\malware.txt
2015-05-18 21:00 - 2015-05-20 11:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 21:00 - 2015-05-18 21:00 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 21:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 21:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 20:50 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 20:50 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 20:50 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-18 20:50 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-18 20:50 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-18 20:50 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-18 20:50 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-18 20:50 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-18 20:50 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-18 20:50 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-18 20:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 20:49 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 20:49 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 20:49 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 20:49 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 20:49 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 20:49 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 20:49 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 20:49 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 20:49 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 20:49 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 20:49 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 20:49 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 20:49 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 20:49 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 20:49 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 20:49 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 20:49 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-18 20:49 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 20:49 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 20:49 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 20:49 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 20:49 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 20:49 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 20:49 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 20:49 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 20:49 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 20:49 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 20:49 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 20:49 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 20:49 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 20:49 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 20:49 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 20:49 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 20:49 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-18 20:49 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-18 20:49 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-18 20:49 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-18 20:49 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-18 20:49 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-18 20:49 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 20:49 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 20:49 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-18 20:49 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-18 20:49 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-18 20:49 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-18 20:49 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-18 20:49 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 20:49 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 20:49 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 20:49 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-18 20:49 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-18 20:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 20:49 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-18 19:44 - 2015-05-18 19:44 - 00000000 ____D () C:\ProgramData\GFI Software
2015-05-16 20:40 - 2015-05-20 11:43 - 00006118 _____ () C:\Windows\PFRO.log
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-18 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-16 20:34 - 2015-05-16 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-15 21:08 - 2015-05-22 15:23 - 00003944 _____ () C:\Windows\setupact.log
2015-05-15 21:08 - 2015-05-15 21:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-26 09:49 - 2015-04-26 09:49 - 00000146 _____ () C:\Users\caroline\Desktop\Sound - Verknüpfung (2).lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00002141 _____ () C:\Users\caroline\Desktop\JDownloader 2.lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-25 19:13 - 2015-05-18 20:44 - 00000000 ____D () C:\Users\caroline\AppData\Local\JDownloader v2.0
2015-04-25 19:07 - 2015-04-25 19:10 - 00231544 _____ () C:\Users\caroline\Desktop\Install JDownloader 2 BETA.exe
2015-04-23 20:59 - 2015-04-23 20:59 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\WinRAR
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-22 15:23 - 2015-01-11 12:28 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 15:23 - 2014-12-02 13:04 - 00059913 _____ () C:\Windows\temp023423.vbe
2015-05-22 15:23 - 2014-05-23 18:20 - 00000000 ___RD () C:\Users\caroline\Dropbox
2015-05-22 15:23 - 2014-05-23 18:18 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Dropbox
2015-05-22 15:23 - 2014-05-23 17:31 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-05-22 15:23 - 2014-05-23 17:31 - 00000000 ____D () C:\Users\caroline\AppData\Local\CrashDumps
2015-05-22 15:23 - 2014-05-22 18:38 - 00000000 __RDO () C:\Users\caroline\SkyDrive
2015-05-22 15:23 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 12:15 - 2014-06-02 20:14 - 01888468 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 12:15 - 2014-05-22 18:42 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-22 12:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-22 12:14 - 2014-05-22 18:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 12:14 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-22 12:14 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-22 12:13 - 2014-05-23 17:43 - 00000000 _____ () C:\Windows\Path.idx
2015-05-22 12:12 - 2014-05-22 18:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E73E662-1021-46F4-9D3F-D6EABFA012B6}
2015-05-20 20:35 - 2014-05-22 22:17 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\vlc
2015-05-20 20:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 17:51 - 2015-01-11 12:28 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 17:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-20 16:40 - 2014-12-30 17:03 - 00000000 ____D () C:\ProgramData\Origin
2015-05-20 16:13 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 16:13 - 2015-04-04 13:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 16:13 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 16:00 - 2014-05-23 18:35 - 00000000 ____D () C:\Users\caroline\AppData\Local\Microsoft Help
2015-05-20 15:46 - 2014-11-30 22:06 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-20 14:56 - 2014-05-22 12:50 - 00018432 ___SH () C:\Users\caroline\Desktop\Thumbs.db
2015-05-20 13:26 - 2014-05-22 18:37 - 00000000 ____D () C:\Users\caroline
2015-05-20 13:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-20 13:13 - 2014-05-23 20:04 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 13:11 - 2014-05-23 20:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 13:11 - 2014-05-23 20:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-20 13:03 - 2014-12-30 20:13 - 676292187 _____ () C:\Windows\MEMORY.DMP
2015-05-20 13:03 - 2014-05-23 17:36 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 11:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2015-05-20 07:57 - 2013-08-22 16:45 - 00000000 ____D () C:\Windows\Setup
2015-05-20 07:52 - 2015-01-11 12:28 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 07:37 - 2014-05-23 20:04 - 00000000 ____D () C:\Users\caroline\AppData\Local\Adobe
2015-05-20 07:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 21:21 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 21:21 - 2013-08-22 16:44 - 05147224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 21:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-18 21:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 21:19 - 2014-05-23 18:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 21:17 - 2014-05-23 17:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 21:15 - 2014-05-23 17:52 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 21:13 - 2014-06-15 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 21:12 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 20:48 - 2014-05-23 18:19 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 20:46 - 2015-01-11 12:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 20:46 - 2015-01-11 12:28 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 20:45 - 2015-01-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-05-18 20:45 - 2013-08-23 01:26 - 00000000 ____D () C:\Windows\ShellNew
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 __RSD () C:\Windows\Media
2015-05-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 20:44 - 2015-01-11 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 20:44 - 2014-12-30 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-05-18 20:44 - 2014-06-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-05-18 20:44 - 2014-05-22 18:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 20:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-13 15:21 - 2014-11-30 21:52 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\TS3Client
2015-05-05 19:59 - 2014-12-10 19:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-12-10 19:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 19:46 - 2015-03-13 21:23 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-01 19:46 - 2014-12-01 22:02 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-01 19:46 - 2014-12-01 20:56 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-29 07:46 - 2014-06-05 14:37 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\dvdcss
2015-04-27 23:30 - 2014-08-18 20:42 - 00000659 _____ () C:\Windows\MB.idx
2015-04-26 11:31 - 2014-05-22 18:25 - 00000000 __SHD () C:\Recovery
2015-04-24 21:24 - 2014-06-02 20:16 - 00111616 ___SH () C:\Users\caroline\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-08-13 19:36 - 2014-08-13 19:36 - 0000132 _____ () C:\Users\caroline\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-05-23 20:25 - 2014-09-23 12:36 - 0001456 _____ () C:\Users\caroline\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-23 19:46 - 2014-05-23 19:46 - 0007597 _____ () C:\Users\caroline\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\caroline\AppData\Roaming\Origin\update.vbe
Some content of TEMP:
====================
C:\Users\caroline\AppData\Local\Temp\130744555063113512.exe
C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe
C:\Users\caroline\AppData\Local\Temp\avgnt.exe
C:\Users\caroline\AppData\Local\Temp\dllnt_dump.dll
C:\Users\caroline\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3xsdfr.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole5400650792649316619.dll
C:\Users\caroline\AppData\Local\Temp\proxy_vole837397058756432899.dll
C:\Users\caroline\AppData\Local\Temp\Quarantine.exe
C:\Users\caroline\AppData\Local\Temp\sonarinst.exe
C:\Users\caroline\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-16 20:20
==================== End Of Log ============================
--- --- --- --- --- --- Ich seh das einer der Orte an denen der Miner hockt der Roaming/Origin ist kann der echt über das Gameportal auf den Rechner gelangen. Ach ja und schöne Pfingsten!  |
|
23.05.2015, 16:36
| #8 |
| /// the machine /// TB-Ausbilder | TR/Coinminer.J bei win 8.1 nicht zu entfernen Jap Java updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe
C:\Users\caroline\AppData\Roaming\Origin\update.vbe
C:\Windows\temp023423.vbe
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\Temp\lsass.exe
J:\hp\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000
J:\hp\AppData\Roaming\Mozilla\Firefox\Profiles\jnvkrrwr.default\extensions\ffxtlbr@zonealarm.com\uninstall.exe
J:\hp\AppData\Roaming\OpenCandy\3FE8404EDC474E97A36387103A0263A6\DeltaTB.exe
J:\hp\AppData\Roaming\OpenCandy\F198B19A7DB54639BD5C9703BAB966AC\SmartbarExeInstaller.exe
J:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.05.2015, 17:05
| #9 |
| | TR/Coinminer.J bei win 8.1 nicht zu entfernen Das schaut ja schon richtig gut aus, zumindest schreit mein antivir nicht mehr  Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by caroline at 2015-05-24 11:48:00 Run:1
Running from C:\Users\caroline\Desktop
Loaded Profiles: caroline (Available profiles: caroline)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe
C:\Users\caroline\AppData\Roaming\Origin\update.vbe
C:\Windows\temp023423.vbe
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\Temp\lsass.exe
J:\hp\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000
J:\hp\AppData\Roaming\Mozilla\Firefox\Profiles\jnvkrrwr.default\extensions\ffxtlbr@zonealarm.com\uninstall.exe
J:\hp\AppData\Roaming\OpenCandy\3FE8404EDC474E97A36387103A0263A6\DeltaTB.exe
J:\hp\AppData\Roaming\OpenCandy\F198B19A7DB54639BD5C9703BAB966AC\SmartbarExeInstaller.exe
J:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
Emptytemp:
*****************
C:\Users\caroline\AppData\Local\Temp\13074455532832228281.exe => Moved successfully.
C:\Users\caroline\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\Windows\temp023423.vbe => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\Windows\Temp\lsass.exe => Moved successfully.
J:\hp\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 => Moved successfully.
J:\hp\AppData\Roaming\Mozilla\Firefox\Profiles\jnvkrrwr.default\extensions\ffxtlbr@zonealarm.com\uninstall.exe => Moved successfully.
J:\hp\AppData\Roaming\OpenCandy\3FE8404EDC474E97A36387103A0263A6\DeltaTB.exe => Moved successfully.
J:\hp\AppData\Roaming\OpenCandy\F198B19A7DB54639BD5C9703BAB966AC\SmartbarExeInstaller.exe => Moved successfully.
J:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe => Moved successfully.
EmptyTemp: => Removed 408.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 11:48:07 ====
 |
|
25.05.2015, 11:06
| #10 |
| /// the machine /// TB-Ausbilder | TR/Coinminer.J bei win 8.1 nicht zu entfernen Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst... und/oder das Forum mit einer kleinen Spende  unterstützen.  Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.05.2015, 14:43
| #11 |
| | TR/Coinminer.J bei win 8.1 nicht zu entfernen Perfekt! vielen Dank für deine Hilfe, zwischen meinem ersten Hilferuf und diesem sind 8 Jahre vergangen die Qualität ist top geblieben. Danke noch mal und schöne Tage RD |
|
26.05.2015, 06:31
| #12 |
| /// the machine /// TB-Ausbilder | TR/Coinminer.J bei win 8.1 nicht zu entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu TR/Coinminer.J bei win 8.1 nicht zu entfernen |
| antivir, asus, blockiert, csrss.exe, entfernen, error, explorer, gelöscht, harddisk, iexplore, installation, internet, internet explorer, lan, microsoft, neustart, refresh, registry, scan, schutz, server.exe, software, system, system32, systemstart, temp |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
