Pests of all kinds and how to fight them: MBAM reports a trojan (pi.exe), Chrome crashes often and the Windows design changes often
Windows 7
27.05.2015, 20:17 | #1 |
Hello,

when I ran a threat scan with MBAM a few minutes ago, the program reported the file pi.exe as a trojan. I have also noticed lately that Chrome often crashes without warning... At the same time, the Aero design then always changed to the standard one, with the explanation that too little RAM was available, which however cannot be the case with 16 GB and an average usage of 5 GB.

Many thanks in advance
Regards, Nick

PS: here is the log from MBAM:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.05.2015
Suchlauf-Zeit: 20:20:46
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.27.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nick

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 403084
Verstrichene Zeit: 29 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility.exe, 4960, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1]
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility.exe, 5832, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1]

Module: 1
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility32.dll, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1],

Registrierungsschlüssel: 1
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SecurityUtility, In Quarantäne, [dac6c6d2573358de759c5d7c18eb4fb1],

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 1
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\SecurityUtility\SecurityUtility32.dll , Gut: (), Schlecht: (C:\ProgramData\SecurityUtility\SecurityUtility32.dll),Ersetzt,[dac6c6d2573358de759c5d7c18eb4fb1]

Ordner: 1
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1],

Dateien: 6
Trojan.Agent, C:\Users\Nick\AppData\Local\Temp\pi.exe, In Quarantäne, [9b05c4d490fad75f786bfd8ba163de22],
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\NSISHelper.dll, In Quarantäne, [dac6c6d2573358de759c5d7c18eb4fb1],
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility.exe, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1],
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility32.dll, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1],
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SoftConfigTest.exe, In Quarantäne, [dac6c6d2573358de759c5d7c18eb4fb1],
PUP.Optional.ASK.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: (
ific/arm_it/"},{"lang":"it","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_it/"},{"lang":"it","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_it/"},{"lang":"ja","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_ja/"},{"lang":"ja","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_ja/"},{"lang":"ja","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_ja/"},{"lang":"ko","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_ko/"},{"lang":"ko","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_ko/"},{"lang":"ko","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_ko/"},{"lang":"pt-BR","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_pt-br/"},{"lang":"pt-BR","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_pt-br/"},{"lang":"pt-BR","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_pt-br/"},{"lang":"ru","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_ru/"},{"lang":"ru","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_ru/"},{"lang":"ru","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_ru/"},{"nacl_arch":"arm","sub_package_path":"_platform_specific/arm_/"},{"nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_/"},{"nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_/"}],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.3.0.5"},"path":"lccekmodgklaepjeofjdjpbminllajkg\\0.3.0.5_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13014039086886869","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudpr
int"},"urls":["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\cloud_print","was_installed_by_default":false},"mfffpogegjflfpflabcdkioaeobkgjik":{"active_permissions":{"api":["webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13070753489795811","location":5,"manifest":{"background":{"scripts":["channel.js","background.js"]},"content_scripts":[{"all_frames":true,"js":["channel.js","saml_injected.js"],"matches":["\u003Call_urls>"],"run_at":"document_start"}],"content_security_policy":"default-src 'self'; script-src 'self'; frame-src *; style-src 'self' 'unsafe-inline'","description":"GAIA Component Extension","key":"MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC4L17nAfeTd6Xhtx96WhQ6DSr8KdHeQmfzgCkieKLCgUkWdwB9G1DCuh0EPMDn1MdtSwUAT7xE36APEzi0X/UpKjOVyX8tCC3aQcLoRAE0aJAvCcGwK7qIaQaczHmHKvPC2lrRdzSoMMTC5esvHX+ZqIBMi123FOL0dGW6OPKzIwIBIw==","manifest_version":2,"name":"GaiaAuthExtension","permissions":["\u003Call_urls>","webRequest","webRequestBlocking"],"version":"0.0.1","web_accessible_resources":["main.css","main.html","main.js","offline.css","offline.html","offline.js","success.html","success.js","util.js"]},"path":"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\41.0.2272.89\\resources\\gaia_auth","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13014039086886869","location":5,"manifest":{"app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\chrome_app","was_installed_by_default":false},"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":[],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["chrome://print/*"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13073750509781239","location":5,"manifest":{"content_scripts":[{"js":["content_script.js"],"matches":["chrome://print/*"]}],"content_security_policy":"script-src 'self' chrome://resources; object-src *; plugin-types 
application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name":"Chrome PDF Viewer","offline_enabled":true,"permissions":["\u003Call_urls>"],"version":"1","web_accessible_resources":["index.html","index.html"]},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\pdf","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"nbpagnldghgfoolbancepceaanlmhfmd":{"active_permissions":{"api":["audioCapture","hotwordPrivate","idle","management","metricsPrivate","tabs","unlimitedStorage","webConnectable"],"explicit_host":["*://*.google.at/*","*://*.google.ca/*","*://*.google.co.jp/*","*://*.google.co.kr/*","*://*.google.co.nz/*","*://*.google.co.uk/*","*://*.google.co.za/*","*://*.google.com.au/*","*://*.google.com.br/*","*://*.google.com.mx/*","*://*.google.com/*","*://*.google.de/*","*://*.google.es/*","*://*.google.fr/*","*://*.google.it/*","*://*.google.ru/*","chrome://newtab/*","chrome://resources/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["hotwordPrivate.onDeleteSpeakerModel","hotwordPrivate.onEnabledChanged","hotwordPrivate.onSpeakerModelExists","management.onInstalled","runtime.onMessageExternal","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13073750509774866","location":5,"manifest":{"background":{"persistent":false,"scripts":["chrome://resources/js/cr.js","chrome://resources/js/util.js","chrome://resources/js/cr/event_target.js","constants.js","keep_alive.js","logging.js","
metrics.js","nacl_manager.js","state_manager.js","base_session_manager.js","always_on_manager.js","launcher_manager.js","page_audio_manager.js","training_manager.js","manager.js"]},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","import":[{"id":"lccekmodgklaepjeofjdjpbminllajkg"}],"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbHXRPiq2De9EJ+4pvNN6uE/D2avxrqyLSpA/Hq3II+btkPl1gboY3oUPTfevpVOFa90Y1c1b3/W682dXqybT0klIvFLKhdQx0LiVqSUQyIaDrwOCSo/ZcukbEwDRojegWymCjHvX6WZk4kKZzTJYzY1vrp0TWKLhttEMN9KFmowIDAQAB","manifest_version":2,"minimum_chrome_version":"38","name":"Hotword triggering","permissions":["*://*.google.at/*","*://*.google.ca/*","*://*.google.com/*","*://*.google.com.au/*","*://*.google.com.mx/*","*://*.google.com.br/*","*://*.google.co.jp/*","*://*.google.co.kr/*","*://*.google.co.nz/*","*://*.google.co.uk/*","*://*.google.co.za/*","*://*.google.de/*","*://*.google.es/*","*://*.google.fr/*","*://*.google.it/*","*://*.google.ru/*","chrome://newtab/","chrome://resources/","audioCapture","hotwordPrivate","idle","management","metricsPrivate","tabs","unlimitedStorage"],"version":"0.0.1.4"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\hotword","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"neajdppkdcdipfabeoofebfddakdcjhd":{"active_permissions":{"api":["systemPrivate","ttsEngine"],"explicit_host":["https://www.google.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["ttsEngine.onPause","ttsEngine.onResume","ttsEngine.onSpeak","ttsEngine.onStop"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13037580481034096","location":5,"manifest":{"background":{"persistent":false,"scripts":["tts_extension.js"]},"description":"Component extension providing speech via the Google 
network text-to-speech service.","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GSbNUMGygqQTNDMFGIjZNcwXsHLzkNkHjWbuY37PbNdSDZ4VqlVjzbWqODSe+MjELdv5Keb51IdytnoGYXBMyqKmWpUrg+RnKvQ5ibWr4MW9pyIceOIdp9GrzC1WZGgTmZismYR3AjaIpufZ7xDdQQv+XrghPWCkdVqLN+qZDA1HU+DURznkMICiDDSH2sU0egm9UbWfS218bZqzKeQDiC3OnTPlaxcbJtKUuupIm5knjze3Wo9Ae9poTDMzKgchg0VlFCv3uqox+wlD8sjXBoyBCCK9HpImdVAF1a7jpdgiUHpPeV/26oYzM9/grltwNR3bzECQgSpyXp0eyoegwIDAQAB","manifest_version":2,"name":"Google Network Speech","permissions":["systemPrivate","ttsEngine","https://www.google.com/"],"tts_engine":{"voices":[{"event_types":["start","end","error"],"gender":"female","lang":"en-US","remote":true,"voice_name":"Google US English"},{"event_types":["start","end","error"],"gender":"male","lang":"en-GB","remote":true,"voice_name":"Google UK English Male"},{"event_types":["start","end","error"],"gender":"female","lang":"en-GB","remote":true,"voice_name":"Google UK English Female"},{"event_types":["start","end","error"],"gender":"female","lang":"es-ES","remote":true,"voice_name":"Google Español"},{"event_types":["start","end","error"],"gender":"female","lang":"fr-FR","remote":true,"voice_name":"Google Français"},{"event_types":["start","end","error"],"gender":"female","lang":"it-IT","remote":true,"voice_name":"Google Italiano"},{"event_types":["start","end","error"],"gender":"female","lang":"de-DE","remote":true,"voice_name":"Google Deutsch"},{"event_types":["start","end","error"],"gender":"female","lang":"ja-JP","remote":true,"voice_name":"Google æ?¥æ?¬äºº"},{"event_types":["start","end","error"],"gender":"female","lang":"ko-KR","remote":true,"voice_name":"Google í??êµ*ì?"},{"event_types":["start","end","error"],"gender":"female","lang":"zh-CN","remote":true,"voice_name":"Google ä¸*å?½ç??"}]},"version":"1.0"},"path":"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\33.0.1750.117\\resources\\network_speech_synthesis","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["alarms","desktopCapture","processes","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["alarms.onAlarm","runtime.onConnectExternal","runtime.onMessageExternal","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13034616784412756","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/hangouts*","*://localhost/*"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Hangout Services","permissions":["desktopCapture","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\32.0.1700.76\\resources\\hangout_services","was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076110110912584","lastpingday":"13077183600296718","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"de","default_locale":"en","description":"Google Wallet für digitale Produkte","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Google 
Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","background","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/*","https://*.googleusercontent.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13046552160457787","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into 
Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","all_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.114\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_bit":false,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"y","commands":{},"content_settings":[],"creation_flags":137,"events":[],"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072136215798799","last_active_pingday":"13022751599177161","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"de","default_locale":"en","description":"Schneller E-Mail-Dienst mit Suchfunktion und wenig 
Spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Google Mail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"SILVERSTow@gmail.com","username":"SILVERSTow@gmail.com"}},"homepage":"hxxp://www.google.com/","homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"9103D77B3A73F69508678747425CBB546C3C19A6154381AF68A62F0CF498A5C3"},"default_search_provider":{"keyword":"143550D0197722122EF3716B56A79623144A8FA4697D774AA628AA4EB5E1C11F","name":"D23FC78422D475E96D3C9DB05E223243BE2D6701DED648BF84384EA0D26CD8EB","search_url":"15F01E044534CD2F958A050C4391B5210D371CC6DA8371EA82A8470D98A0AFF7"},"default_search_provider_data":{"template_url_data":"21298A6AA20E9337EAD4FCAAA6A82E86328596413DFA2C5AD86885D0DD3021B1"},"extensions":{"settings":{"aaaaaiabcopkplhgaedhbloeejhhankf":"06A266779B7FE2767AA28C83301179834A042A644EDA6676EDE10B8DBE507C9C","abkhhgjpfcnmmpmhghohpfkcgoineebk":"79685660972D127BB6346B543AD094C9A4624F8C186830D73EE1F8FD79E16896","ahfgeienlihckogmohjhadlkjgocpleb":"50591D6842DF3E58954708599DAB518C30F68974D8430359E053E71870BE9305","aohghmighlieiainnegkcijnfilokake":"43AC3720DE60AF22F2DA0B25D15B8A54F318420F2C953093328FD5A2A8541CCA","apdfllckaahabafndbhieahigkjlhalf":"6BB502FF25755F234984934738AD89CCC60050358BE2A781F641D040204129C5","bepbmhgboaologfdajaanbcjmnhjmhfn":"6ED1346395F7B65D73116DE5B4E050E61F23B2D3D5FD7AD752D7274CBFEEA008","blpcfgokakmgnkcojhhkbf
bldkacnbeo":"2630B6D956D80973C3C0D7DBA8F2F9F9061B451FE495DAFE8FFC48472BCA2D89","cfhdojbkjhnklbpkdaibdccddilifddb":"7F7127294728FF94975793CC3743D771D0C1356E30052337012A90E08F4B17E2","coobgpohoikkiipiblmjeljniedjpjpf":"6E36C3EC8C0A7FEEF7E22D11808B3EEAA36994EF2353A05F2454FAD6154DAB8F","dnhpdliibojhegemfjheidglijccjfmc":"85C19E162083F94B77FEF84A7B9681F63CB59E9AD83FA62207435C9B1356C543","eemcgdkfndhakfknompkggombfjjjeno":"45FC7CF26C7AF9E2AAEFF3784977C7D39BDBA7C752D934FD1A148B2D006FA296","ennkphjdgehloodpbhlhldgbnhmacadg":"86DB84D07EC9A832B1B6724EAE7F9C3DE70D1CE72037FFEC401F0B369A910166","flliilndjeohchalpbbcdekjklbdgfkk":"7310AFE93DFC308FACE3F1BD3EBBF58A51384AC1ED31CDCE4577663D5182F1D6","gfdkimpbcpahaombhbimeihdjnejgicl":"8611FB1BDDEB3FEB86009C15604CDCFDAD82DCEC36BB94FBA60DB70ADDDFBA0D","gmlllbghnfkpflemihljekbapjopfjik":"560990EF270B14DA160F6051699DA753084E7A9DC4936C161A670330361B32A6","iajlkcpgcnbhfhpdeooockfaincfkjjj":"5B2F529DD01756B8638408C8D87759409FC67DED8ABDF88D5D8965FEA91636EE","kmendfapggjehodndflmmgagdbamhnfd":"7C75A931BA52FBDE5EEA2ECA0C38FF2382AD355EAF7851250737212478F171F9","lccekmodgklaepjeofjdjpbminllajkg":"CF099F094353B20CB1141982136BDDD359793DC57FBDC626702044C05648FB79","mfehgcgbbipciphmccgaenjidiccnmng":"34EBCE467B274407A3AF7B7436F4569280A211EEC42F325C152F4BB755CA391B","mfffpogegjflfpflabcdkioaeobkgjik":"8AFFEFFF214DF930223DAC09AAB89C11C3B22E2FA7DC6E9607A3D1A7498DAA2B","mgndgikekgjfcpckkfioiadnlibdjbkf":"CC87C245C2BF72B27CB095A0A8BE7C6FEECEDA1E5C900AC75A2D298A7D8CFA52","mhjfbmdgcfjbbpaeojofohoefgiehjai":"DF4C33640C86E250520CEFC4FC85647327D29942D5731D5BB4AEC0251BBB2959","nbpagnldghgfoolbancepceaanlmhfmd":"2C987AF269DD5DE780FA54E8E93594409989E1479A8DD5058A798A546D4A1E56","neajdppkdcdipfabeoofebfddakdcjhd":"09FF33F7FBF6C263F8412935EA90954633965C5F274B0BAECF455AB9F2A84025","nkeimhogjdpnpccoofpliimaahmaaome":"CFDCBFE89FACB8BF08C635489F0C1185B940BB337C93AACCE4904985A5E065C6","nmmhkkegccagdldgiimedpiccmgmieda":"1718343795E27B6E75C3523F95FF030F92B5A58C66DDE5394
F97A38B87519131","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7F18D45982FD82E4F6063B4D01513FF03D121D0A5F8A81D52290B93523F18E15","pjkljhegncpnkpknbcohdijeoejaedia":"F8DF9C49F9E3EAB51A5FAC6710403F68867771191FDB72BC6E67DDAC6584E47E"}},"google":{"services":{"last_username":"500606BD925BD910DDA4E63449FAB8EB0D7C49C86F3AC2295EF245EA88DD2351","username":"F02E7C361639FB39BA73DF19452592BA5A03BE18138EAB1D10AB716BD82A16D5"}},"homepage":"E6F5DEDCDC0FA8B42892CE2544BFB2A580E1E35049ED9D838C724127FFAFF055","homepage_is_newtabpage":"E8AE4931C80B9B24284BA616AA3B6289AB121D34CC61A7EA927E7FAD7E04AEA8","pinned_tabs":"AA023312B0F25B3DEED836537C589D01F06B0880E16A47790BDA45206A903788","prefs":{"preference_reset_time":"3BD6E0C6DDFB0D2A7DC53D0F1A3CD607748A18C97C5B69559AEDB5E527BEF29C"},"profile":{"reset_prompt_memento":"5C674EFE210A2EFA312B676E9DADD2BDC66931F8CE5445074A35418580D76BE9"},"safebrowsing":{"incidents_sent":"B4B7318EE85C590501F08E623222A4AEFA5175C7EB87200DEF5AF128E0F74272"},"search_provider_overrides":"5F89590B6FF63820205085C4FDBFFA76C657C27861E236AA1B45714B88E6481D","session":{"restore_on_startup":"DB3FD204FD3E341D48ECF9CEF2A0A8E81E8D4686AAB00C47BECA8D92BA2A5048","startup_urls":"5AEFD04382E3605F4BA3FB8F157040AFD0CA10F89EE7280687F493927EC341B2"},"software_reporter":{"prompt_reason":"513EF978BF4355EFF1561AF4A2FEE72A90F59A8B8B1B7B4A5A657EF5106C6D6F","prompt_seed":"D8876E72F2C162216C6DA2ABC23F7AD0C3044B1FDD90A3A5675BBF365FDAAC0C","prompt_version":"0274DC722574C55569CD30B26500E462EAF5229E8C05348A7A191EA1A7E55C93"},"sync":{"remaining_rollback_tries":"4937FCBAA8676699B47756A7E86EBDCC37839C362D952683E625440B7ACD14B8"}},"super_mac":"C0D412A589826BCBAFA234E66EE31E8928760CAF7A223475F94AC5D5962BC4A4"},"session":{"restore_on_startup":1,"startup_urls":["https://www.google.de/search?q=googler&rlz=2C1CHFX_deDE0537DE0537&oq=googler&aqs=chrome.0.69i57j5j0l2&sourceid=chrome&ie=UTF-8"]},"sync":{"remaining_rollback_tries":0}}), Ersetzt,[c9d71a7ed4b6ad891fc64e1fba4cc63a] Physische Sektoren: 0 (Keine schädliche 
Elemente gefunden) (end) |
27.05.2015, 20:45 | #2 |
/// TB Instructor | MBAM reports a Trojan (pi.exe), Chrome crashes often and the Windows design changes often Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
28.05.2015, 18:13 | #3 |
| MBAM reports a Trojan (pi.exe), Chrome crashes often and the Windows design changes often Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01 Ran by Nick at 2015-05-28 19:08:00 Running from C:\Users\Nick\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2093199856-2832982660-2437927299-500 - Administrator - Disabled) Gast (S-1-5-21-2093199856-2832982660-2437927299-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2093199856-2832982660-2437927299-1002 - Limited - Enabled) Nick (S-1-5-21-2093199856-2832982660-2437927299-1000 - Administrator - Enabled) => C:\Users\Nick ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709n (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.) 
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Back to Bed (HKLM-x32\...\Steam App 308040) (Version: - Bedtime Digital Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Blender (HKLM\...\Blender) (Version: 2.67b - Blender Foundation)
Blobby Volley 2.0 Version 0.9b (HKLM-x32\...\Blobby Volley 2.0 Version 0.9b_is1) (Version: - )
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
CodeBlocks (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deep Fritz 14 64-bit (HKLM\...\{678EE564-7768-4E8C-9EEA-35954C4FF423}) (Version: 14.0.0.0 - ChessBase)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die ersten 10 Jahre (HKLM-x32\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.1 - Daedalic Entertainment)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free DVD Video Converter version 2.0.21.806 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.21.806 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Harveys Neue Augen Demo (HKLM-x32\...\Harvey) (Version: 1.0 - Daedalic Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JStock (remove only) (HKLM-x32\...\JStock) (Version: - )
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LIMBO (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Limbo) (Version: - )
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector C++ 1.1.4 (HKLM\...\{1F5C1E97-AE40-4EE7-9959-3D8038B6EAC8}) (Version: 1.1.4 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9779CE68-28F8-4E19-A70C-48BEA184C656}) (Version: 5.1.33 - Oracle Corporation)
MySQL Connector Net 6.9.3 (HKLM-x32\...\{74857B00-8FC2-4E98-83C3-31CA77FDDA95}) (Version: 6.9.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{4E2AAB30-1E42-4ACA-B1A9-3AE8629D0C89}) (Version: 6.1.5 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)
MySQL Documents 5.5 (HKLM-x32\...\{BCF64211-43D1-4152-A152-7E30D0D7570D}) (Version: 5.5.40 - Oracle Corporation)
MySQL Examples and Samples 5.5 (HKLM-x32\...\{33A3D172-0E98-4D16-80DD-9CB3D4AC814D}) (Version: 5.5.40 - Oracle Corporation)
MySQL For Excel 1.3.2 (HKLM-x32\...\{C51E8927-4D82-4157-AA21-0D62900E214A}) (Version: 1.3.2 - Oracle)
MySQL Installer (HKLM-x32\...\{2D5C73E8-EA6C-4A0A-8B27-FF48B04977E5}) (Version: 1.3.7.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Utilities (HKLM-x32\...\{0B18AA75-6A44-4950-A0A2-A486C2D839A0}) (Version: 1.4.4 - Oracle Corporation)
MySQL Workbench 6.2 CE (HKLM-x32\...\{5997433F-76FA-4A1E-B8ED-22C7B0041D3F}) (Version: 6.2.3 - Oracle Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{98812f3d-e80b-4944-9fdf-8b8a145eeff0}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Samsung i-Launcher 1.0.1.22 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.22 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder Classic 4 (HKLM-x32\...\{C0FA6973-0ED6-4523-9593-BE50927A28BB}_is1) (Version: - Stefan Meyer-Kahlen)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SPEEDLINK REFLECT (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.5 - SPEEDLINK)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version: - )
TeamSpeak 3 Client (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
USIM Editor 1.0.33.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )
Vektoris3D 2.0 (HKLM-x32\...\8458-4195-6614-3708) (Version: 2.0 - kapieren.de)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.12.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
WorldPainter 1.8.5 (HKLM\...\4144-4862-0472-7103) (Version: 1.8.5 - pepsoft.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-05-2015 15:58:25 AVG PC TuneUp 2015 wird entfernt
24-05-2015 15:59:01 AVG PC TuneUp 2015 (de-DE) wird entfernt
24-05-2015 19:00:04 Windows-Sicherung
24-05-2015 21:30:03 NVIDIA PhysX wird entfernt

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-12 17:25 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0707A902-C399-4CB6-958C-799A14C44554} - System32\Tasks\{E3A60ACE-0A07-4C77-B11E-CC1A1BB47747} => pcalua.exe -a C:\Users\Nick\Downloads\forge-1.7.10-10.13.0.1188-installer-win.exe -d C:\Users\Nick\Downloads
Task: {10E20190-DF4E-4BDC-99DA-27871F02E8AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {31CB2F5C-67F6-4A86-8CAA-3AB99769FAD9} - System32\Tasks\{820356CB-EF83-4F54-9A2A-2DDA5775837A} => pcalua.exe -a C:\Users\Nick\Downloads\Range_RAT7_SD7_0_20_0_64Bit_Drivers.exe -d C:\Users\Nick\Downloads
Task: {36151F80-37E8-4DB1-A2E4-0D82979C2C45} - System32\Tasks\WBCYJ1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe
Task: {449AED61-1E93-44B1-A017-3B8C6E7A803D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {50976628-F218-45DE-B800-B1DE25BEBEF9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {6C15F5E7-C1AA-427C-999C-582F99D6DC85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {7220D149-5A6F-4CDF-9417-16715361B0CD} - System32\Tasks\{D832EF5B-B92E-4E00-A32B-17DE2F86F23C} => pcalua.exe -a D:\setup.exe -d C:\Users\Nick\Desktop
Task: {7A684ACA-7CA5-4A88-81AA-581308203975} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {80113F21-F93F-45EE-A746-2FB9B8EC1903} - System32\Tasks\{E83A90AD-AAC7-404A-ADAC-C19B9A6231AB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1604
Task: {8FEB3C11-7AEE-470E-8F3A-7AAE161238D5} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)
Task: {A6B293F1-52F0-4348-BC0B-C691D02FDD0C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CAA21C80-B320-4B3E-828F-59104CF4BEB6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CC1E9318-04E0-4A24-8701-1FAF8129ED2A} - System32\Tasks\{9438142E-686D-46F2-8775-D190EA9C36B5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/de/abandoninstall?page=tsBing
Task: {EED0DFB1-99E6-4354-B5F8-FF61126BCB58} - System32\Tasks\{5533A666-D628-493D-A04A-240DDF67D24F} => pcalua.exe -a C:\Users\Nick\Desktop\forge-1.7.10-10.13.0.1188-installer-win.exe -d C:\Users\Nick\Desktop
Task: {F491C524-E202-4A4F-A565-E5330A6D0534} - System32\Tasks\{41B5DFA3-6523-464B-9ED1-78671AAEAEA3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {F88DABE5-4C16-4B9D-B0E8-295651AEE9E8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WBCYJ1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-25 12:10 - 2011-03-31 05:37 - 00221184 ____N () C:\Windows\system\Cm106eye.exe
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-01-13 03:51 - 2014-01-13 03:51 - 00301912 _____ () C:\Windows\system32\wintab32.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-08-12 18:56 - 00102344 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-08-12 18:56 - 00108488 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-08-12 18:56 - 00563656 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-08-12 18:56 - 00579016 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2014-01-13 03:51 - 2014-01-13 03:51 - 00301912 _____ () C:\Windows\system32\WinTab32.DLL
2015-04-07 20:59 - 2015-05-08 02:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-21 14:18 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 16:50 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 16:50 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 16:50 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 18:37 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-28 13:47 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-05-28 19:04 - 2015-05-28 19:04 - 00155232 ___HT () C:\Users\Nick\AppData\Local\Temp\~787A.tmp
2014-01-29 16:38 - 2015-04-10 13:31 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00228352 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
2013-05-25 12:10 - 2011-03-31 05:37 - 00491520 ____N () C:\Windows\system\CmAu106.dll
2015-05-28 18:07 - 2015-05-28 18:07 - 00043008 _____ () c:\users\nick\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplzpehh.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-01-13 03:51 - 2014-01-13 03:51 - 00249688 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2014-01-13 03:51 - 2014-01-13 03:51 - 00241496 _____ () C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2013-08-07 11:31 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-05-25 19:31 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 19:31 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00198144 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00313344 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00203776 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00389120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 06672896 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00156160 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01174016 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01240064 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00351744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00607744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00164864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00708096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00134656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01336320 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00394752 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 03191808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01762816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00143360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00230912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00996352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00582144 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2015-03-14 14:56 - 2015-05-28 18:08 - 12313600 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 09901568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00094208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00084992 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2015-03-14 14:56 - 2015-03-14 14:56 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2015-03-14 14:56 - 2015-03-14 14:56 - 00012800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2015-03-14 14:56 - 2015-03-14 14:56 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2015-03-14 14:56 - 2015-05-27 15:45 - 00173568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00972800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2015-05-14 20:07 - 2015-05-11 21:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F79F0EA6-A32E-4A61-BDCD-A16A9DFF6639}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{916A67E1-09DE-42E1-8258-1809F38627DC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{F28FB2BE-AFAC-438F-9388-AEE13C3BA422}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{F32809F4-F3C4-466A-B2D5-0E039D0818CC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{CD1DE4B3-816A-4371-A7CA-2C0746729EC5}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [TCP Query User{A2A6AE1F-FB2D-4A6F-BBA8-E1E376E1EB84}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{A81A6D90-2F54-4A24-8817-EB33431B992C}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [{A41CCB57-C4D1-4054-A246-09EFC03E8B99}] => (Allow) D:\setup\hpznui40.exe FirewallRules: [{AD5BE695-F7A1-4C76-9E23-8383838DF35D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{CD8DB64B-6D2F-4C29-82EB-98A448693004}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: 
[{D13DC824-9D71-479E-A415-8D4B7F935FC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{FB49D08E-C552-46C4-9F2D-668F65507C6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{D92C554B-FD80-46E0-9EE8-DCF9D47BC446}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{4FFF90EE-257F-471F-870A-51636EAEE3D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A611056E-8E84-4C1B-A53D-B9A2D92D56E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{1B4878B1-6CBF-42A5-846F-4D6D67FAC7DC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{9E22E815-EFC3-4C3A-B113-E766E08C74DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{274FE227-A928-4D4E-A267-8CB12C0EC47C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{86B33DC8-0B44-4AF0-9C6E-CEE45365D875}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{8F69E32C-6198-4D22-90F3-59D978662AC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{99676149-4CDD-4DA3-AA75-B55E68355212}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{B079EAC4-E3EE-42A8-843D-3A544A586B73}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{070BC919-6266-4BBE-8E1A-B23179C0A223}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2E52F5BA-5AD7-4172-A5A5-87E3D7A15410}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{044CC7E5-DC38-4318-A712-4094F2B4E162}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{0673E35D-019F-4976-B506-7C29A4BC8D4D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web 
printing\smartwebprintexe.exe FirewallRules: [TCP Query User{6C87E4B4-CE7B-4972-A6A7-65C48E7A60AA}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{50978D7E-8B9C-4A62-A5C7-6C18D9678A45}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{123BD190-3B5E-416A-8BC5-097788297E8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{500C31E2-55A4-43FD-8010-6F31A8A5CC5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{0B597C0A-73D8-4636-81ED-BC1EB6EFD449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\R.U.S.E\Ruse.exe FirewallRules: [{80A43A9A-4918-49CA-B50E-33E9B24AFB7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\R.U.S.E\Ruse.exe FirewallRules: [{AC91E98D-769A-4B39-8CC9-88F7F3DD0684}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{C90FCF29-EF52-444C-B9D1-07467256A143}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{68977582-A0DF-4053-A623-2E906553AF0B}] => (Allow) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B245ED21-5F1D-4E78-9864-02C99076DA3C}] => (Allow) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{F0AAF4AE-5B6B-4FEC-8B0A-AA0A65C2C571}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe FirewallRules: [UDP Query User{D13BEB6A-ACA8-4363-916F-2E46BBC6CA9A}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe FirewallRules: [{94472E04-6A62-41F4-83AF-6F07C45C1FD3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [{890B706B-268A-48A7-856E-71E3D4E8C08E}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [TCP Query 
User{C181E16E-6988-46F3-8C19-547189E081C1}C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{894499EB-0AEE-4634-88C8-36B4A2C16658}C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{67783C3B-820E-4AEC-9FBA-579DA69FF872}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{18F23C71-D4F1-4FE9-A37B-7F0D54D41B67}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{8D705BEA-4124-4051-99D1-A71EEBA0CD47}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{45F9DD2F-F6C9-44D8-9A26-4A1FA3C58695}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{E09FBBA1-9295-4BBD-8DBF-697263642655}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe FirewallRules: [UDP Query User{9408CB65-7B8F-4AEA-B0C2-522E68919B28}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe FirewallRules: [TCP Query User{B563C909-70DA-4EA0-99A7-CE1E1DE86E98}C:\xampp\mercurymail\mercury.exe] => (Block) C:\xampp\mercurymail\mercury.exe FirewallRules: [UDP Query User{8F36DB3F-8C7B-43D4-A437-8290C4A28D98}C:\xampp\mercurymail\mercury.exe] => (Block) C:\xampp\mercurymail\mercury.exe FirewallRules: [TCP Query User{2F521C93-5718-4A21-8EF7-7C9B6EEEDD01}C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe] => (Allow) C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe FirewallRules: [UDP Query User{D12B2432-7748-4324-9E10-BFC241B7309F}C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe] => (Allow) C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe FirewallRules: [TCP Query 
User{42A4E4D3-FF52-48B5-8C55-ACD06AE0C84A}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{DAB67FC6-91E7-4978-90C4-11522561980C}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [{C7FBF75C-5A06-4297-A045-70BF3B832B6E}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{B00B6466-718B-4BFB-A8C5-4F0ED470F813}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [TCP Query User{3B7207AD-84EF-4BF9-A99B-67E225570E26}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe] => (Allow) C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe FirewallRules: [UDP Query User{1FC8DBF7-F9BE-4116-AAF3-A1EA26C56CB7}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe] => (Allow) C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe FirewallRules: [{3F1C80BF-8047-4236-BF7C-8F7CEB6E0972}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe FirewallRules: [{EA050F3A-A660-458E-AE11-A9958FB16C0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe FirewallRules: [{D9B6E16E-1323-4DF4-8E25-3B268DE1B148}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{1F76B087-AA65-44ED-9C93-224F6F64BA35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{A504F36F-12EB-48BE-AF18-31CDEB60B6EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe FirewallRules: 
[{5B769A64-C565-4DBC-9A3E-D48941FE1A7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe FirewallRules: [{2F081D27-EA74-42C1-A9FB-7186FBCFDB64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe FirewallRules: [{F894234A-F7D6-4377-B604-29DF5B6708D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe FirewallRules: [{67808984-5578-43C7-BEDF-DF5FE5544B21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{BD96D59D-9C31-422A-A4FC-A73711AE042E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{B6BCFA4F-53DB-4EF9-B73B-D3C7C53927CD}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe] => (Allow) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe FirewallRules: [UDP Query User{73135790-16E8-427F-982A-E98451465922}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe] => (Allow) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe FirewallRules: [{EE46349C-D4DE-4AC2-A271-ED1B790F5FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe FirewallRules: [{83976C88-2D0B-40CE-B074-2964C82350B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe FirewallRules: [{91902EC4-75E9-4420-8F26-A663CA2D8757}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AF69AA4B-AED4-41FD-A25D-20B42A89279D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2419DA34-1889-498B-82E2-5293F15A8E00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe FirewallRules: [{4CF99383-E55F-490F-A367-1B1161C5B74A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe FirewallRules: [TCP Query User{AF5B66FE-5715-4E82-B7D2-4D48A25015E8}E:\jdk\bin\javaw.exe] => (Allow) 
E:\jdk\bin\javaw.exe FirewallRules: [UDP Query User{A7082791-8F80-4E10-91B9-1B184B2CA7D5}E:\jdk\bin\javaw.exe] => (Allow) E:\jdk\bin\javaw.exe FirewallRules: [TCP Query User{8B3EEB25-9640-4127-9880-77F738972BCF}E:\jdk\jre\bin\java.exe] => (Allow) E:\jdk\jre\bin\java.exe FirewallRules: [UDP Query User{263D4EE8-F50E-4739-9B7E-929F57B7C8D5}E:\jdk\jre\bin\java.exe] => (Allow) E:\jdk\jre\bin\java.exe FirewallRules: [TCP Query User{0A57F85F-6FB8-42AA-AC0A-216CC438A966}E:\java\greenfoot\greenfoot.exe] => (Allow) E:\java\greenfoot\greenfoot.exe FirewallRules: [UDP Query User{DB6E236D-AFDD-410C-A75A-137E4E104D55}E:\java\greenfoot\greenfoot.exe] => (Allow) E:\java\greenfoot\greenfoot.exe FirewallRules: [TCP Query User{A06FDC56-E8AA-458E-9204-6563BDD2ACC6}E:\java\jdk\jre\bin\java.exe] => (Allow) E:\java\jdk\jre\bin\java.exe FirewallRules: [UDP Query User{0702095A-2E5C-4B83-A71B-EA48296F3F15}E:\java\jdk\jre\bin\java.exe] => (Allow) E:\java\jdk\jre\bin\java.exe FirewallRules: [TCP Query User{F70B2010-B6E0-43CE-A83F-8F7CFFDD795A}E:\java\jdk\bin\javaw.exe] => (Allow) E:\java\jdk\bin\javaw.exe FirewallRules: [UDP Query User{239B915E-1627-4757-88D5-E5A475D688D0}E:\java\jdk\bin\javaw.exe] => (Allow) E:\java\jdk\bin\javaw.exe FirewallRules: [{BB2E1048-2F84-47E9-94FF-24BDB26784A7}] => (Block) E:\java\jdk\bin\javaw.exe FirewallRules: [{9EB6E139-3201-444E-9723-AD6BD78EBD9B}] => (Block) E:\java\jdk\bin\javaw.exe FirewallRules: [{B96DC63C-623F-425F-AEAD-B8DDED97E42C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BackToBed\BackToBed.exe FirewallRules: [{8159A1CF-E42A-4338-A952-3E3E78856555}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BackToBed\BackToBed.exe FirewallRules: [{95B37C93-ABFB-486C-9853-8EDA724DC8A2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EBF266F6-DE3C-450F-AFF4-2964D2090F30}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: 
[{755637AB-1414-4245-8AF8-B3230EC9E5E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{A9FCCE4A-DA0C-41AB-BA07-00C050E5B1BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8CAD626C-5FC1-47CB-BA34-A8251D99BD61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{28068F8E-C054-489B-BE4E-B8F3B4520480}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{547EA45C-C98D-4839-8928-3FF2C223FFA2}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{371465BD-F6E7-4CC6-9649-95FFD2F46371}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{BAB116E7-728B-4061-A36E-DE4C925DC236}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe] => (Allow) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe FirewallRules: [UDP Query User{A226B8C2-A5C2-4E8C-9879-B54D5EE8815B}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe] => (Allow) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe FirewallRules: [TCP Query User{F58F61AE-8BDE-4F9B-81FB-A41B61AA3975}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe] => (Block) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe FirewallRules: [UDP Query User{29B4B71C-7422-4951-BC1A-0B47ABA657C9}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe] => (Block) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe FirewallRules: [TCP Query User{564AD28D-9FD5-4180-A1CC-9832BF89B077}G:\java\jdk\bin\javaw.exe] => (Allow) G:\java\jdk\bin\javaw.exe FirewallRules: [UDP Query User{537CF76B-9CF7-4F1E-AF0E-70040F5AC8B8}G:\java\jdk\bin\javaw.exe] => (Allow) G:\java\jdk\bin\javaw.exe 
FirewallRules: [TCP Query User{B084F9D8-43D8-4C03-8586-3C58A37B6623}G:\java\jdk\jre\bin\java.exe] => (Allow) G:\java\jdk\jre\bin\java.exe FirewallRules: [UDP Query User{9AB77540-2DF6-44A6-8BEB-E568E8F1D37C}G:\java\jdk\jre\bin\java.exe] => (Allow) G:\java\jdk\jre\bin\java.exe FirewallRules: [{1F46E3C9-655B-4437-B5C5-5959D8BB304F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{5F997266-7A45-4155-B3DA-C6D3F2C6E44F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe FirewallRules: [TCP Query User{C1058049-BDDD-4144-A5D6-2E7083610E85}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{2C17E90F-E31C-4D4E-806B-9739FFC8A727}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{52045D0C-F98C-44F8-B3F8-2F8AB1701889}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{904C16A1-F692-4D9F-BD49-30E8AD052ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F9B6C694-02DE-4749-8965-F9B7F743D3EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{8C82D8D7-8FD6-49F7-95A8-1208DE0009F5}] => (Allow) LPort=2869 FirewallRules: [{A525B475-B218-40F4-A12C-180A43A3FA69}] => (Allow) LPort=1900 FirewallRules: [{942BD708-0E25-4274-BAB9-A647D7B7E4C7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{995EBE06-1357-4432-ADD6-C51A2E1DC13B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{E5233996-87F7-47F1-90D6-1037EC0CD141}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{4961A9FE-1210-49E8-BE94-C58D4D77AD81}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe 
FirewallRules: [{DA4D4A7E-1A73-41DB-9652-34BDEBF5E01D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{6E391988-7754-424E-9063-8AD20A248115}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{5544209A-F4C8-4A15-89B1-AC6AA2BC3BA1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [TCP Query User{B6D0CFE9-C090-4547-A1D8-B946114C22A4}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe FirewallRules: [UDP Query User{3C434A39-BFAD-4007-A808-B2881C89BAD8}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe FirewallRules: [{3ABFEDE4-7780-4F97-8D06-4B15EBB94E67}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{746D9974-99E0-4943-9A91-812234FC2070}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{1A9A64D8-D12A-4C7A-84EC-D6A61B1DD37E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{FB957155-3AD6-48C3-B62C-03848E5EE222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{4CB15694-4A64-42FC-BF85-4CC1F175D5C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: HID-konforme Maus Description: HID-konforme Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: mouhid Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HID-konforme Maus Description: HID-konforme Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: mouhid Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Programmable Root Enumerator Description: Programming Support Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a} Manufacturer: Mad Catz Service: SaiNtBus Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (05/28/2015 06:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 09:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 08:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 07:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 43.0.2357.81 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1244 Startzeit: 01d098830dc35ad5 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: 69e3795c-0499-11e5-b022-d43d7e93280b Error: (05/27/2015 03:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2015 02:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 09:46:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 43.0.2357.65, Zeitstempel: 0x5552c066 Name des fehlerhaften Moduls: Etprop.ax, Version: 1.0.0.0, Zeitstempel: 0x4ce0c9ef Ausnahmecode: 0x40000015 Fehleroffset: 0x0000cf82 ID des fehlerhaften Prozesses: 0x14b8 Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (05/25/2015 07:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 00:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2015 09:30:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm osu!.exe, Version 1.3.3.7 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2100 Startzeit: 01d09657169b74ee Endzeit: 22 Anwendungspfad: C:\Users\Nick\AppData\Local\osu!\osu!.exe Berichts-ID: System errors: ============= Error: (05/28/2015 05:58:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/27/2015 09:09:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070 Error: (05/27/2015 09:09:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070 Error: (05/27/2015 09:09:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (05/27/2015 09:07:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/27/2015 08:58:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/27/2015 08:58:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. 
Error: (05/27/2015 08:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/27/2015 03:41:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/26/2015 02:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= Error: (05/28/2015 06:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 09:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 08:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 07:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe43.0.2357.81124401d098830dc35ad54C:\Program Files (x86)\Google\Chrome\Application\chrome.exe69e3795c-0499-11e5-b022-d43d7e93280b Error: (05/27/2015 03:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2015 02:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 09:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066Etprop.ax1.0.0.04ce0c9ef400000150000cf8214b801d0970c6c014148C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\Etprop.axc335d9de-0316-11e5-9be0-d43d7e93280b

Error: (05/25/2015 07:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 09:30:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: osu!.exe1.3.3.7210001d09657169b74ee22C:\Users\Nick\AppData\Local\osu!\osu!.exe

CodeIntegrity Errors:
===================================
Date: 2015-05-20 16:49:58.710
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nick\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-05-20 16:49:58.680
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nick\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-05-20 16:49:58.574
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-05-20 16:49:58.540
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-23 19:36:44.351
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-23 19:36:44.312
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16317.41 MB
Available physical RAM: 12238.15 MB
Total Pagefile: 32633.04 MB
Available Pagefile: 26975.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Nicks 2TB Festplatte) (Fixed) (Total:1851.64 GB) (Free:1390.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5593A727)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1851.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

==================== End of log ============================ |
28.05.2015, 18:14 | #4 |
| Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nick (administrator) on NICKS-PC on 28-05-2015 19:07:19
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySQLNotifier.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Windows\system\cm106eye.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Dropbox, Inc.) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [41304 2014-01-13] (Tablet Driver)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
AppInit_DLLs: C:\ProgramData\SecurityUtility\SecurityUtility64.dll => C:\ProgramData\SecurityUtility\SecurityUtility64.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2013-05-25]
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-23]
FF HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164736 2013-12-25] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408576 2010-11-10] (Etron)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 19:07 - 2015-05-28 19:07 - 00023521 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-28 19:03 - 2015-05-28 19:03 - 02108928 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2015-05-27 21:16 - 2015-05-27 21:16 - 00058648 _____ () C:\Users\Nick\Desktop\mbam2.txt
2015-05-26 21:40 - 2015-05-26 21:40 - 00017107 _____ () C:\Users\Nick\Desktop\Esport.odt
2015-05-24 21:29 - 2015-05-12 04:34 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-24 21:28 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-24 21:28 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-24 21:28 - 2015-05-12 08:27 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-24 16:41 - 2015-05-24 16:41 - 00008306 _____ () C:\Users\Nick\Desktop\BlitzGrandPrixEinzelrunden.ods
2015-05-24 15:57 - 2015-05-28 18:07 - 00000364 _____ () C:\Windows\Tasks\WBCYJ1.job
2015-05-24 15:57 - 2015-05-24 15:57 - 00002886 _____ () C:\Windows\System32\Tasks\WBCYJ1
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\AVG
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Local\Avg
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\ProgramData\AVG
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-05-24 15:55 - 2015-05-24 15:55 - 00054408 _____ () C:\Users\Nick\Downloads\3DMark-v1-5-893_CB-DL-Manager.exe
2015-05-20 17:07 - 2015-05-20 17:07 - 11298737 _____ () C:\Users\Nick\Downloads\M7808v1.0.zip
2015-05-20 17:07 - 2015-05-20 17:07 - 07318031 _____ () C:\Users\Nick\Downloads\7808v17.zip
2015-05-20 16:49 - 2015-05-20 16:49 - 04179293 _____ (Lavalys, Inc. ) C:\Users\Nick\Downloads\everesthome220.exe
2015-05-20 16:49 - 2015-05-20 16:49 - 00001126 _____ () C:\Users\Nick\Desktop\EVEREST Home Edition.lnk
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2015-05-16 20:50 - 2015-05-16 20:50 - 09900819 _____ () C:\Users\Nick\Downloads\150945 Knife Party - Centipede (1).osz
2015-05-15 13:23 - 2015-05-15 13:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-05-13 23:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:51 - 2015-05-13 22:51 - 00000222 _____ () C:\Users\Nick\Desktop\AdVenture Capitalist.url
2015-05-13 15:05 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:05 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:05 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:05 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:05 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:05 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:05 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:05 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:05 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:05 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:05 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:05 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:05 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:05 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:05 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:05 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:05 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:05 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:05 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:05 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:05 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:05 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:05 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:05 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:05 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:05 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:05 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:05 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:05 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:05 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:05 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 15:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 15:05 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 15:05 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 15:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 15:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 15:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 15:05 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 15:05 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 15:04 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 15:04 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 15:04 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 15:04 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) 
C:\Windows\system32\kerberos.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 
2015-05-13 15:04 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 15:04 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 15:04 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 15:04 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 15:04 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 15:04 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 15:04 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 15:04 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 15:04 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 15:04 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 
2015-05-13 15:04 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 15:04 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 15:04 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 15:04 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\instnm.exe 2015-05-13 15:04 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 15:04 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 15:04 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 15:03 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 15:03 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 15:03 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 15:03 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 15:03 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 15:03 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 15:03 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 15:03 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 15:03 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 15:03 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 15:03 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 15:03 - 2015-03-04 
06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 15:03 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 15:03 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 15:03 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:03 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 15:03 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:03 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:07 - 2015-05-12 21:07 - 02860245 _____ () C:\Users\Nick\Downloads\175036 Maffalda - pensamento tipico de esquerda caviar.osz
2015-05-11 17:21 - 2015-05-11 17:21 - 03986414 _____ () C:\Users\Nick\Downloads\24340 Cascada - Dangerous (Nightcore Mix).osz
2015-05-08 14:51 - 2015-05-08 14:51 - 05405578 _____ () C:\Users\Nick\Downloads\33119 F-777 - He's a Pirate (1).osz
2015-05-06 18:49 - 2015-05-06 18:49 - 13087456 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\Silverlight_x64.exe
2015-04-30 19:32 - 2015-04-30 19:32 - 00001219 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-30 19:32 - 2015-04-30 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-30 18:33 - 2015-04-30 19:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-29 19:23 - 2015-04-29 19:24 - 19809716 _____ () C:\Users\Nick\Downloads\80104 Jin - Yobanashi Deceive.osz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 19:07 - 2015-03-12 15:08 - 00000000 ____D () C:\FRST 2015-05-28 19:07 - 2013-05-29 16:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype 2015-05-28 19:06 - 2013-05-25 11:07 - 01242858 _____ () C:\Windows\WindowsUpdate.log 2015-05-28 19:04 - 2013-09-09 15:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-28 19:03 - 2015-03-12 15:08 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe 2015-05-28 19:02 - 2013-06-14 20:40 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\TS3Client 2015-05-28 19:01 - 2015-03-01 16:40 - 00000000 ____D () C:\Users\Nick\Desktop\Blitz GrandPrix 2015-05-28 19:01 - 2014-07-25 16:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-28 19:01 - 2014-04-18 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-28 19:01 - 2013-05-26 12:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-28 19:00 - 2013-05-26 12:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-28 18:07 - 2013-12-22 16:48 - 00000000 ____D () C:\ProgramData\Origin 2015-05-28 18:07 - 2013-10-04 21:53 - 00000000 ___RD () C:\Users\Nick\Dropbox 2015-05-28 18:07 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox 2015-05-28 18:07 - 2013-06-12 16:43 - 00000000 ____D () C:\Users\Nick\AppData\Local\LogMeIn Hamachi 2015-05-28 18:07 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-28 18:07 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-28 17:58 - 2014-12-11 18:43 - 00038566 _____ () C:\Windows\setupact.log 2015-05-28 17:58 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-28 17:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-27 21:23 - 2015-03-19 22:12 - 00000000 ____D 
() C:\Users\Nick\AppData\Local\osu! 2015-05-27 21:07 - 2015-01-03 13:25 - 00179892 _____ () C:\Windows\PFRO.log 2015-05-27 20:20 - 2014-07-25 16:39 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-25 22:58 - 2014-11-14 15:48 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.minecraft 2015-05-25 21:59 - 2015-04-05 17:21 - 00000000 ____D () C:\Users\Nick\AppData\Local\Battle.net 2015-05-25 21:48 - 2013-05-25 18:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps 2015-05-25 19:31 - 2013-05-26 12:51 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-24 21:41 - 2014-03-05 19:57 - 00000000 ____D () C:\Users\Nick\Desktop\Chat Test 2015-05-24 21:37 - 2014-07-04 20:36 - 93089657 _____ () C:\Users\Nick\Desktop\Mod-Pack.zip 2015-05-24 21:30 - 2014-11-04 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-05-24 21:30 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-05-24 21:29 - 2013-05-22 11:52 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-05-24 20:41 - 2014-11-04 21:18 - 00001401 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2015-05-24 12:57 - 2013-12-22 18:20 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\FIFA 13 2015-05-23 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-23 14:41 - 2013-08-05 14:28 - 00000948 _____ () C:\Users\Nick\Desktop\lol.txt 2015-05-22 14:57 - 2013-12-31 15:29 - 04697768 _____ () C:\Users\Nick\Desktop\TechnicLauncher.exe 2015-05-22 14:57 - 2013-08-27 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.technic 2015-05-21 21:00 - 2015-04-05 17:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-05-20 
17:46 - 2015-03-22 17:40 - 37648082 _____ () C:\Users\Nick\Desktop\pi_data.txt 2015-05-20 17:35 - 2015-04-05 17:52 - 00000490 _____ () C:\Users\Nick\Desktop\cpuz.ini 2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-17 18:23 - 2013-05-26 12:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 18:23 - 2013-05-26 12:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 17:57 - 2014-12-18 19:19 - 00000000 ____D () C:\Users\Nick\Desktop\Partien 2015-05-16 15:19 - 2011-04-12 09:43 - 00700012 _____ () C:\Windows\system32\perfh007.dat 2015-05-16 15:19 - 2011-04-12 09:43 - 00149604 _____ () C:\Windows\system32\perfc007.dat 2015-05-16 15:19 - 2009-07-14 07:13 - 01622382 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-15 16:36 - 2014-03-15 17:05 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\TmForever 2015-05-14 21:59 - 2015-04-05 20:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2015-05-14 20:04 - 2009-07-14 06:45 - 00314448 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-14 20:01 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-14 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-13 23:45 - 2013-05-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-05-13 23:45 - 2013-04-23 10:14 - 01649064 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-13 23:44 - 2013-08-14 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 23:39 - 2013-08-10 12:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 23:37 - 2013-08-13 
15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 22:51 - 2014-06-20 23:35 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-05-13 19:22 - 2014-07-09 18:07 - 00007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg 2015-05-13 16:09 - 2015-04-05 17:24 - 00000000 ____D () C:\Program Files (x86)\StarCraft II 2015-05-13 08:52 - 2014-08-19 22:14 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-05-12 20:55 - 2013-05-25 11:51 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Audacity 2015-05-12 20:49 - 2014-12-05 13:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-12 16:58 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-12 08:27 - 2014-09-27 21:59 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-05-12 08:27 - 2014-09-27 21:59 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-05-12 08:27 - 2014-08-19 22:13 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 00031710 _____ () C:\Windows\system32\nvinfo.pb 2015-05-12 05:30 - 2013-05-22 11:52 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 02558608 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvsvcr.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-05-12 05:30 - 2013-05-22 11:52 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-05-11 19:01 - 2013-05-22 11:52 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin 2015-05-11 17:23 - 2015-01-08 22:07 - 00002062 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-05-11 17:23 - 2015-01-08 22:07 - 00002060 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-05-11 17:23 - 2015-01-08 22:07 - 00002050 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-05-11 17:23 - 2015-01-08 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-05-11 17:12 - 2013-05-29 16:31 - 00000000 ____D () C:\ProgramData\Skype 2015-05-08 02:35 - 2014-11-04 21:18 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-05-08 02:35 - 2014-11-04 21:18 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-05-08 02:34 - 2014-11-04 21:18 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-05-08 02:34 - 2014-11-04 21:18 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-05-07 22:01 - 2014-05-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 22:00 - 2014-05-14 18:02 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-07 22:00 - 2014-05-14 18:02 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys ==================== Files in the root of some directories ======= 2014-07-04 21:16 - 2014-07-04 21:16 - 0046080 ___SH () C:\Users\Nick\AppData\Roaming\Thumbs.db 2015-04-23 19:23 - 2015-04-23 19:23 - 0000218 _____ () C:\Users\Nick\AppData\Local\recently-used.xbel 2014-07-09 18:07 - 2015-05-13 19:22 - 0007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg 2013-06-23 11:34 - 2013-10-25 19:21 - 0001700 _____ () C:\ProgramData\hpzinstall.log 2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LmeUSB.log 2013-12-25 19:50 - 2014-06-09 17:52 - 0002688 _____ () C:\ProgramData\LmeZJSW.log 2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LSDmbTH.log Some files in TEMP: ==================== C:\Users\Nick\AppData\Local\Temp\avgnt.exe C:\Users\Nick\AppData\Local\Temp\cpuz165.exe C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplzpehh.dll C:\Users\Nick\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Nick\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Nick\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Nick\AppData\Local\Temp\nvStInst.exe C:\Users\Nick\AppData\Local\Temp\paint.net.4.0.5.install.exe C:\Users\Nick\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Nick\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Nick\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 16:21 ==================== End of log ============================ |
28.05.2015, 18:26 | #5 |
/// TB-Ausbilder | OK, here is how we continue: Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
emptytemp:
reboot:
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download SecurityCheck and:
Run FRST once more.
29.05.2015, 13:55 | #6 |
| Sooo... ADW Cleaner: Code:
# AdwCleaner v4.205 - Bericht erstellt 29/05/2015 um 13:44:07
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nick - NICKS-PC
# Gestarted von : C:\Users\Nick\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Nick\Desktop\ftb.exe
Datei Gelöscht : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lfsm.de_0.localstorage
Datei Gelöscht : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lfsm.de_0.localstorage-journal

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Google Chrome v43.0.2357.81

*************************

AdwCleaner[R0].txt - [3939 Bytes] - [12/03/2015 16:47:10]
AdwCleaner[R1].txt - [1731 Bytes] - [29/05/2015 13:42:48]
AdwCleaner[S0].txt - [3954 Bytes] - [12/03/2015 16:48:42]
AdwCleaner[S1].txt - [1651 Bytes] - [29/05/2015 13:44:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1710 Bytes] ##########

JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nick on 29.05.2015 at 14:10:59,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8

~~~ Chrome

[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2015 at 14:13:09,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixlog Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nick at 2015-05-29 14:16:24 Run:2
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
reboot:
*****************

EmptyTemp: => Removed 1.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog 14:16:48 ====

checkup Code:
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by Nick (administrator) on NICKS-PC on 29-05-2015 14:50:33 Running from C:\Users\Nick\Desktop Loaded Profiles: Nick (Available Profiles: Nick) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) 
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe () C:\Windows\system\cm106eye.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySQLNotifier.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Dropbox, Inc.) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Tablet Driver) C:\Windows\SysWOW64\WTClient.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Nick\Desktop\SecurityCheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-09] (Realtek Semiconductor) HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) 
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [41304 2014-01-13] (Tablet Driver) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts) HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation) HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun AppInit_DLLs: C:\ProgramData\SecurityUtility\SecurityUtility64.dll => C:\ProgramData\SecurityUtility\SecurityUtility64.dll File not found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-23] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2013-05-25] ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-04] ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-14] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-14] (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-23] FF HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27] CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be 
removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] () R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 AfaService; C:\Windows\system32\afasrv64.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. 
KG) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation) R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] () S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164736 2013-12-25] (ITE ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek) R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408576 2010-11-10] (Etron) R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 14:50 - 2015-05-29 14:51 - 00023366 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-29 14:49 - 2015-05-29 14:49 - 00001069 _____ () C:\Users\Nick\Desktop\sc.txt
2015-05-29 14:21 - 2015-05-29 14:20 - 00852639 _____ () C:\Users\Nick\Desktop\SecurityCheck.exe
2015-05-29 14:20 - 2015-05-29 14:20 - 00852639 _____ () C:\Users\Nick\Downloads\SecurityCheck.exe
2015-05-29 14:13 - 2015-05-29 14:13 - 00001298 _____ () C:\Users\Nick\Desktop\JRT.txt
2015-05-29 14:11 - 2015-05-29 14:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NICKS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-29 14:11 - 2015-05-29 14:11 - 00000000 ____D () C:\RegBackup
2015-05-29 14:10 - 2015-05-29 14:09 - 02948651 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2015-05-29 14:09 - 2015-05-29 14:09 - 02948651 _____ (Thisisu) C:\Users\Nick\Downloads\JRT.exe
2015-05-29 14:09 - 2015-05-29 14:09 - 00001790 _____ () C:\Users\Nick\Desktop\adw2.txt
2015-05-29 13:42 - 2015-05-29 13:41 - 02222592 _____ () C:\Users\Nick\Desktop\AdwCleaner_4.205.exe
2015-05-29 13:41 - 2015-05-29 13:41 - 02222592 _____ () C:\Users\Nick\Downloads\AdwCleaner_4.205.exe
2015-05-28 19:03 - 2015-05-28 19:03 - 02108928 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2015-05-27 21:16 - 2015-05-27 21:16 - 00058648 _____ () C:\Users\Nick\Desktop\mbam2.txt
2015-05-26 21:40 - 2015-05-26 21:40 - 00017107 _____ () C:\Users\Nick\Desktop\Esport.odt
2015-05-24 21:29 - 2015-05-12 04:34 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-24 21:28 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-24 21:28 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-24 21:28 - 2015-05-12 08:27 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-24 16:41 - 2015-05-24 16:41 - 00008306 _____ () C:\Users\Nick\Desktop\BlitzGrandPrixEinzelrunden.ods
2015-05-24 15:57 - 2015-05-29 14:17 - 00000364 _____ () C:\Windows\Tasks\WBCYJ1.job
2015-05-24 15:57 - 2015-05-24 15:57 - 00002886 _____ () C:\Windows\System32\Tasks\WBCYJ1
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\AVG
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Local\Avg
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\ProgramData\AVG
2015-05-24 15:55 - 2015-05-24 15:55 - 00054408 _____ () C:\Users\Nick\Downloads\3DMark-v1-5-893_CB-DL-Manager.exe
2015-05-20 17:07 - 2015-05-20 17:07 - 11298737 _____ () C:\Users\Nick\Downloads\M7808v1.0.zip
2015-05-20 17:07 - 2015-05-20 17:07 - 07318031 _____ () C:\Users\Nick\Downloads\7808v17.zip
2015-05-20 16:49 - 2015-05-20 16:49 - 04179293 _____ (Lavalys, Inc. ) C:\Users\Nick\Downloads\everesthome220.exe
2015-05-20 16:49 - 2015-05-20 16:49 - 00001126 _____ () C:\Users\Nick\Desktop\EVEREST Home Edition.lnk
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2015-05-16 20:50 - 2015-05-16 20:50 - 09900819 _____ () C:\Users\Nick\Downloads\150945 Knife Party - Centipede (1).osz
2015-05-15 13:23 - 2015-05-15 13:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-05-13 23:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:51 - 2015-05-13 22:51 - 00000222 _____ () C:\Users\Nick\Desktop\AdVenture Capitalist.url
2015-05-13 15:05 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:05 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:05 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:05 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:05 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:05 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:50 -
00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 15:05 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 15:05 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 15:05 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 15:05 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 15:05 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 15:05 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 15:05 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 15:05 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 15:05 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 15:05 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 15:05 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 15:05 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 15:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 15:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 15:05 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 15:05 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 15:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 15:05 - 
2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 15:05 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 15:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 15:05 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 15:05 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 15:05 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 15:05 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 15:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 15:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 15:05 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 15:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 15:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 15:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 15:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 15:05 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 15:05 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 15:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 15:05 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 15:05 - 2015-04-21 17:46 - 
02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 15:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 15:05 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 15:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 15:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 15:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 15:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 15:05 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 15:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 15:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 15:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 15:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 15:05 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 15:05 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 15:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 15:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 15:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 15:05 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 15:05 - 2015-04-18 04:56 - 00342016 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 15:04 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 15:04 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 15:04 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 15:04 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00210944 _____ (Microsoft 
Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 15:04 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 15:04 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 15:04 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 
2015-05-13 15:04 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 15:04 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 15:04 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 15:04 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 15:04 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 15:04 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 15:04 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 15:04 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 15:04 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 15:04 - 
2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 15:04 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 15:04 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 15:04 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-13 15:04 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 15:04 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 15:04 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 15:04 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 15:04 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 15:04 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 15:04 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 15:04 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 15:03 - 2015-04-20 
05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 15:03 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 15:03 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 15:03 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 15:03 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 15:03 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 15:03 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 15:03 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 15:03 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 15:03 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 15:03 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 15:03 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 15:03 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 15:03 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 15:03 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 15:03 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 15:03 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 15:03 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 21:07 - 2015-05-12 21:07 - 02860245 _____ () 
C:\Users\Nick\Downloads\175036 Maffalda - pensamento tipico de esquerda caviar.osz
2015-05-11 17:21 - 2015-05-11 17:21 - 03986414 _____ () C:\Users\Nick\Downloads\24340 Cascada - Dangerous (Nightcore Mix).osz
2015-05-08 14:51 - 2015-05-08 14:51 - 05405578 _____ () C:\Users\Nick\Downloads\33119 F-777 - He's a Pirate (1).osz
2015-05-06 18:49 - 2015-05-06 18:49 - 13087456 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\Silverlight_x64.exe
2015-04-30 19:32 - 2015-04-30 19:32 - 00001219 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-30 19:32 - 2015-04-30 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-30 18:33 - 2015-04-30 19:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-29 19:23 - 2015-04-29 19:24 - 19809716 _____ () C:\Users\Nick\Downloads\80104 Jin - Yobanashi Deceive.osz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 14:50 - 2015-03-12 15:08 - 00000000 ____D () C:\FRST
2015-05-29 14:48 - 2014-04-18 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 14:40 - 2014-07-25 16:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 14:28 - 2013-05-26 12:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 14:26 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 14:26 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 14:22 - 2013-05-25 11:07 - 01273448 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 14:19 - 2013-10-04 21:53 - 00000000 ___RD () C:\Users\Nick\Dropbox
2015-05-29 14:19 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox
2015-05-29 14:19 - 2013-05-29 16:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2015-05-29 14:18 - 2013-12-22 16:48 - 00000000 ____D () C:\ProgramData\Origin
2015-05-29 14:18 - 2013-09-09 15:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-29 14:18 - 2013-06-12 16:43 - 00000000 ____D () C:\Users\Nick\AppData\Local\LogMeIn Hamachi
2015-05-29 14:17 - 2015-01-03 13:25 - 00180582 _____ () C:\Windows\PFRO.log
2015-05-29 14:17 - 2014-12-11 18:43 - 00039070 _____ () C:\Windows\setupact.log
2015-05-29 14:17 - 2013-05-26 12:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 14:17 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-29 14:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 13:44 - 2015-03-12 16:47 - 00000000 ____D () C:\AdwCleaner
2015-05-28 21:39 - 2013-06-14 20:40 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\TS3Client
2015-05-28 21:32 - 2015-04-05 17:21 - 00000000 ____D () C:\Users\Nick\AppData\Local\Battle.net
2015-05-28 19:03 - 2015-03-12 15:08 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-05-28 19:01 - 2015-03-01 16:40 - 00000000 ____D () C:\Users\Nick\Desktop\Blitz GrandPrix
2015-05-27 21:23 - 2015-03-19 22:12 - 00000000 ____D () C:\Users\Nick\AppData\Local\osu!
2015-05-27 20:20 - 2014-07-25 16:39 - 00001126 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-25 22:58 - 2014-11-14 15:48 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.minecraft
2015-05-25 21:48 - 2013-05-25 18:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2015-05-25 19:31 - 2013-05-26 12:51 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 21:41 - 2014-03-05 19:57 - 00000000 ____D () C:\Users\Nick\Desktop\Chat Test
2015-05-24 21:37 - 2014-07-04 20:36 - 93089657 _____ () C:\Users\Nick\Desktop\Mod-Pack.zip
2015-05-24 21:30 - 2014-11-04 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-24 21:30 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-24 21:29 - 2013-05-22 11:52 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-24 20:41 - 2014-11-04 21:18 - 00001401 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-24 12:57 - 2013-12-22 18:20 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\FIFA 13
2015-05-23 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-23 14:41 - 2013-08-05 14:28 - 00000948 _____ () C:\Users\Nick\Desktop\lol.txt
2015-05-22 14:57 - 2013-12-31 15:29 - 04697768 _____ () C:\Users\Nick\Desktop\TechnicLauncher.exe
2015-05-22 14:57 - 2013-08-27 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.technic
2015-05-21 21:00 - 2015-04-05 17:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-20 17:46 - 2015-03-22 17:40 - 37648082 _____ () C:\Users\Nick\Desktop\pi_data.txt
2015-05-20 17:35 - 2015-04-05 17:52 - 00000490 _____ () C:\Users\Nick\Desktop\cpuz.ini
2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-17 18:23 - 2013-05-26 12:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 18:23 - 2013-05-26 12:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:57 - 2014-12-18 19:19 - 00000000 ____D () C:\Users\Nick\Desktop\Partien
2015-05-16 15:19 - 2011-04-12 09:43 - 00700012 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 15:19 - 2011-04-12 09:43 - 00149604 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 15:19 - 2009-07-14 07:13 - 01622382 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 16:36 - 2014-03-15 17:05 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\TmForever
2015-05-14 21:59 - 2015-04-05 20:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 20:04 - 2009-07-14 06:45 - 00314448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 20:01 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 23:45 - 2013-05-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-13 23:45 - 2013-04-23 10:14 - 01649064 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-13 23:44 - 2013-08-14 16:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:39 - 2013-08-10 12:28 - 140425016 _____ (Microsoft
Corporation) C:\Windows\system32\MRT.exe 2015-05-13 23:37 - 2013-08-13 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 22:51 - 2014-06-20 23:35 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-05-13 19:22 - 2014-07-09 18:07 - 00007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg 2015-05-13 16:09 - 2015-04-05 17:24 - 00000000 ____D () C:\Program Files (x86)\StarCraft II 2015-05-13 08:52 - 2014-08-19 22:14 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-05-12 20:55 - 2013-05-25 11:51 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Audacity 2015-05-12 20:49 - 2014-12-05 13:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-12 16:58 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-12 08:27 - 2014-09-27 21:59 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-05-12 08:27 - 2014-09-27 21:59 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-05-12 08:27 - 2014-08-19 22:13 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-05-12 08:27 - 2013-04-18 08:36 - 00031710 _____ () C:\Windows\system32\nvinfo.pb 2015-05-12 05:30 - 2013-05-22 11:52 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 
2015-05-12 05:30 - 2013-05-22 11:52 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-05-12 05:30 - 2013-05-22 11:52 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-05-12 05:30 - 2013-05-22 11:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-05-11 19:01 - 2013-05-22 11:52 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin 2015-05-11 17:23 - 2015-01-08 22:07 - 00002062 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-05-11 17:23 - 2015-01-08 22:07 - 00002060 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-05-11 17:23 - 2015-01-08 22:07 - 00002050 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-05-11 17:23 - 2015-01-08 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-05-11 17:12 - 2013-05-29 16:31 - 00000000 ____D () C:\ProgramData\Skype 2015-05-08 02:35 - 2014-11-04 21:18 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-05-08 02:35 - 2014-11-04 21:18 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-05-08 02:34 - 2014-11-04 21:18 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-05-08 02:34 - 2014-11-04 21:18 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-05-07 22:01 - 2014-05-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 22:00 - 2014-05-14 18:02 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-07 22:00 - 2014-05-14 18:02 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys ==================== Files in the root of some directories ======= 2014-07-04 21:16 - 2014-07-04 21:16 - 0046080 ___SH () C:\Users\Nick\AppData\Roaming\Thumbs.db 2015-04-23 19:23 - 2015-04-23 19:23 - 0000218 _____ () C:\Users\Nick\AppData\Local\recently-used.xbel 2014-07-09 18:07 - 2015-05-13 19:22 - 0007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg 2013-06-23 11:34 - 2013-10-25 19:21 - 0001700 _____ () C:\ProgramData\hpzinstall.log 2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LmeUSB.log 2013-12-25 19:50 - 2014-06-09 17:52 - 0002688 _____ () C:\ProgramData\LmeZJSW.log 2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LSDmbTH.log Some files in TEMP: ==================== C:\Users\Nick\AppData\Local\Temp\avgnt.exe C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfeurb_.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 16:21 ==================== End of log ============================ |
31.05.2015, 12:54 | #7 |
/// TB-Ausbilder | OK, then one more scan with ESET, which takes longer: ESET Online Scanner
__________________ Learn to fight back and support us! TB Akademie | Donate | Praise & Criticism |
31.05.2015, 17:28 | #8 |
| log.txt: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c32259f05fd5df4cbb9aba7b430bee56
# engine=24107
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-31 03:57:10
# local_time=2015-05-31 05:57:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 33004790 184717680 0 0
# scanned=414782
# found=0
# cleaned=0
# scan_time=9732
31.05.2015, 19:04 | #9 |
/// TB-Ausbilder | The logs are clean now. Also uninstall Adobe Flash Player 10 ActiveX. Have the Chrome crashes and the Aero design message continued? Otherwise: The order is crucial here.
Finally, I have a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board or share praise, criticism and wishes? Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
31.05.2015, 19:45 | #10 |
| Yes, there was another design message last night... should I carry out the steps anyway? |
01.06.2015, 11:29 | #11 |
/// TB-Ausbilder | I would advise you to uninstall Google Chrome completely, reinstall it, and then keep watching whether the behaviour occurs again.