|
Pests of All Kinds and How to Combat Them: Hidden hyperlinks to Stamplive (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
16.06.2015, 16:31 | #1 |
| Hidden hyperlinks to Stamplive As you can already see from the title, my problem is that when I surf the Internet and click anywhere, a new tab opens with the website stamplive. Can you please show me how to remove the hidden links? Thanks in advance. |
16.06.2015, 16:35 | #2 |
/// the machine /// TB Trainer | Hidden hyperlinks to Stamplive hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
16.06.2015, 16:45 | #3 |
| Hidden hyperlinks to Stamplive FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Fabian (administrator) on MSI-LAPTOP on 16-06-2015 17:40:24 Running from C:\Users\Fabian\Downloads Loaded Profiles: Fabian (Available Profiles: Fabian & andyh_000) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe (MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (MSI) C:\Program Files (x86)\SCM\Radio Manager.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Akamai Technologies, Inc.) C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Fabian\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-10-27] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2014-10-27] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408744 2014-01-02] (MSI) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1562504 2013-05-02] (Micro-Star International Co., Ltd.) HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink) HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.) HKLM-x32\...\Run: [Aeria Ignite] => D:\Area ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\MountPoints2: {b0c24991-98b6-11e4-826f-448a5bef406e} - "F:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-10-28] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms} SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3181750377-55683798-1376771009-1001 -> {E8131295-A219-43E2-BC5C-0A413E43F7FC} URL = BHO: Content Blocker Plugin -> 
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-24] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll 
[2014-12-24] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\..\Interfaces\{0F1611EC-4C06-41DD-831C-69825A095822}: [NameServer] 192.168.178.201,192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program 
Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-24] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-24] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17] CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-30] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-14] CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-02] (BitRaider, LLC) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [69120 2013-10-22] () [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2014-10-27] (ELAN Microelectronics Corp.) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) 
[File not signed] R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI) R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-10-27] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2014-10-27] (Advanced Micro Devices) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-02-22] (BitRaider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-13] () R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-12-24] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-12-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [554712 2014-10-27] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation ) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) 
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-16 17:40 - 2015-06-16 17:40 - 00024318 _____ C:\Users\Fabian\Downloads\FRST.txt 2015-06-16 17:40 - 2015-06-16 17:40 - 00000000 ____D C:\FRST 2015-06-16 17:09 - 2015-06-16 17:10 - 02945901 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe 2015-06-16 17:09 - 2015-06-16 17:09 - 02109952 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe 2015-06-16 17:05 - 2015-06-16 17:07 - 00000000 ____D C:\AdwCleaner 2015-06-16 17:04 - 2015-06-16 17:04 - 02231296 _____ C:\Users\Fabian\Downloads\AdwCleaner_4.206.exe 2015-06-13 16:21 - 2015-06-13 16:21 - 00003334 _____ C:\Windows\System32\Tasks\SpyHunter4Startup 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Enigma Software Group 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 ____D C:\sh4ldr 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 _____ C:\autoexec.bat 2015-06-13 16:20 - 2015-06-13 16:20 - 03109248 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Fabian\Downloads\SpyHunter-Installer.exe 2015-06-13 16:20 - 2015-06-13 16:20 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2015-06-11 17:53 - 2015-06-11 17:53 - 00000000 ____D C:\Users\Fabian\AppData\Local\GWX 2015-06-11 16:18 - 2015-06-11 16:18 - 00512536 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\echoofsoul_de_downloader.exe 2015-06-09 20:26 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-09 20:26 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-09 20:26 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-09 20:26 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-09 20:26 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-09 20:26 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-09 20:26 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-09 20:26 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-09 20:26 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-09 20:26 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-09 20:26 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-09 20:26 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-09 20:26 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-09 20:26 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-09 20:26 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2015-06-09 20:26 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-09 20:26 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-09 20:26 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-09 20:26 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-09 20:26 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-09 20:26 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-09 20:26 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-09 20:26 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-09 20:26 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-09 20:26 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-09 20:26 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-09 20:26 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-06-09 20:26 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-09 20:26 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-09 20:26 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 
2015-06-09 20:26 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-09 20:26 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-09 20:26 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2015-06-09 20:26 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll 2015-06-09 20:26 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll 2015-06-09 20:26 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2015-06-09 20:26 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2015-06-09 20:26 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll 2015-06-09 20:26 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-06-09 20:26 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-06-09 20:26 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2015-06-09 20:26 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2015-06-09 20:26 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2015-06-09 20:26 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2015-06-09 20:26 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2015-06-09 20:26 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-06-09 20:26 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2015-06-09 20:26 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 
2015-06-09 20:26 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 20:26 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 20:26 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 20:26 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 20:26 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 20:25 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 20:25 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 20:25 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 20:25 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 20:25 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 20:25 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 20:25 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 20:25 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 20:25 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 20:25 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-05 13:56 - 2015-06-15 17:26 - 00000000 ____D C:\Users\Fabian\AppData\Local\nuclearthrone
2015-06-05 13:55 - 2015-06-05 13:55 - 00000202 _____ C:\Users\Fabian\Desktop\Nuclear Throne.url
2015-05-21 16:41 - 2015-05-21 16:41 - 00000805 _____ C:\Users\Fabian\Desktop\S4 League.lnk
2015-05-19 18:05 - 2015-05-19 18:05 - 00001526 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2015-05-19 18:05 - 2015-05-19 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-05-19 18:03 - 2015-05-19 18:03 - 03541664 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\aeria_ignite_install.exe
2015-05-19 18:02 - 2015-05-19 18:02 - 00578584 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\s4league_us_downloader (8).exe
2015-05-19 18:02 - 2015-05-19 18:02 - 00578584 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\s4league_us_downloader (7).exe
2015-05-17 11:05 - 2015-05-17 11:05 - 00125138 _____ C:\Users\Fabian\Downloads\XRay-1.8.1-v2.15.2.jar
2015-05-17 10:55 - 2015-05-17 10:55 - 01748123 _____ C:\Users\Fabian\Downloads\fml-1.8-7.10.98.1004-1.8-installer.jar

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 17:37 - 2014-12-24 20:09 - 01365754 _____ C:\Windows\WindowsUpdate.log
2015-06-16 17:35 - 2014-12-24 20:15 - 00000000 ____D C:\Users\Fabian\OneDrive
2015-06-16 17:24 - 2014-12-24 20:19 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3181750377-55683798-1376771009-1001
2015-06-16 17:23 - 2014-12-24 20:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-16 17:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-16 17:14 - 2014-04-30 18:36 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-06-16 17:14 - 2014-04-30 18:36 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-06-16 17:14 - 2014-04-30 18:11 - 00440760 _____ C:\Windows\system32\perfh014.dat
2015-06-16 17:14 - 2014-04-30 18:11 - 00076914 _____ C:\Windows\system32\perfc014.dat
2015-06-16 17:14 - 2014-04-30 17:02 - 00541792 _____ C:\Windows\system32\perfh008.dat
2015-06-16 17:14 - 2014-04-30 17:02 - 00088858 _____ C:\Windows\system32\perfc008.dat
2015-06-16 17:14 - 2014-04-30 16:55 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-06-16 17:14 - 2014-04-30 16:55 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-06-16 17:14 - 2014-03-18 11:03 - 03851932 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 17:09 - 2015-01-02 20:58 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Skype
2015-06-16 17:08 - 2014-12-24 20:16 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 17:08 - 2014-12-24 20:12 - 00190089 _____ C:\Users\Fabian\AppData\Local\BTServer.log
2015-06-16 17:08 - 2013-08-22 15:46 - 00034009 _____ C:\Windows\setupact.log
2015-06-16 17:08 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 17:07 - 2014-12-24 20:16 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 17:07 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-16 17:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-16 17:01 - 2014-12-24 20:15 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A39D28A4-299E-4E02-AC02-F935541E2DBA}
2015-06-15 17:21 - 2014-12-24 20:43 - 00000001 _____ C:\Users\Public\Documents\dgc.txt
2015-06-15 17:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-13 16:21 - 2014-12-24 20:11 - 00000000 ____D C:\Users\Fabian
2015-06-11 19:51 - 2014-12-25 19:53 - 00000000 ____D C:\ProgramData\Aeria Games
2015-06-11 19:32 - 2014-12-24 21:28 - 00000000 ____D C:\Users\Fabian\AppData\Local\CrashDumps
2015-06-11 17:57 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-11 17:54 - 2015-01-02 20:58 - 00000000 ____D C:\ProgramData\Skype
2015-06-11 17:08 - 2015-01-24 15:58 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-11 17:05 - 2015-05-14 07:30 - 00837536 _____ C:\ProgramData\yvd_ie_se.exe
2015-06-11 17:05 - 2015-01-17 15:45 - 02032503 _____ C:\ProgramData\yvd_chrome_se.exe
2015-06-11 17:05 - 2015-01-17 15:45 - 01529534 _____ C:\ProgramData\yvd_firefox_se.exe
2015-06-11 17:05 - 2015-01-02 20:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-11 17:04 - 2014-03-18 10:54 - 01443340 _____ C:\Windows\PFRO.log
2015-06-11 17:04 - 2013-08-22 15:44 - 00431968 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 17:01 - 2015-01-25 18:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 17:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 16:57 - 2014-12-24 21:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 16:49 - 2014-12-24 21:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 19:05 - 2015-04-08 12:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-09 19:05 - 2015-04-08 12:17 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-03 17:18 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 17:18 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-23 17:03 - 2015-04-30 18:27 - 00101376 ___SH C:\Users\Fabian\Desktop\Thumbs.db
2015-05-21 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-05-21 16:34 - 2014-12-25 19:38 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-05-19 18:01 - 2015-02-16 22:12 - 00000020 _____ C:\Users\Fabian\AppData\Roaming\appdataFr3.bin
2015-05-19 17:57 - 2014-12-25 20:49 - 00000000 ____D C:\Users\Fabian\Downloads\Gameforge Live
2015-05-17 11:02 - 2014-12-24 20:16 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 11:02 - 2014-12-24 20:16 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-02-16 22:12 - 2015-05-19 18:01 - 0000020 _____ () C:\Users\Fabian\AppData\Roaming\appdataFr3.bin
2014-12-24 20:12 - 2015-06-16 17:08 - 0190089 _____ () C:\Users\Fabian\AppData\Local\BTServer.log
2015-01-14 19:22 - 2015-01-14 19:22 - 0333312 _____ () C:\ProgramData\cryptoDrvUpdate.exe
2015-01-17 15:45 - 2015-06-11 17:05 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-01-17 15:45 - 2015-06-11 17:05 - 1529534 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-05-14 07:30 - 2015-06-11 17:05 - 0837536 _____ () C:\ProgramData\yvd_ie_se.exe

Files to move or delete:
====================
C:\ProgramData\cryptoDrvUpdate.exe
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe

Some files in TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\12212_offer.exe
C:\Users\Fabian\AppData\Local\Temp\12235_offer.exe
C:\Users\Fabian\AppData\Local\Temp\13839_offer.exe
C:\Users\Fabian\AppData\Local\Temp\14560_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17077_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17131_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17516_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17831_offer.exe
C:\Users\Fabian\AppData\Local\Temp\18199_offer.exe
C:\Users\Fabian\AppData\Local\Temp\19345_offer.exe
C:\Users\Fabian\AppData\Local\Temp\20063_offer.exe
C:\Users\Fabian\AppData\Local\Temp\20391_offer.exe
C:\Users\Fabian\AppData\Local\Temp\21189_offer.exe
C:\Users\Fabian\AppData\Local\Temp\21223_offer.exe
C:\Users\Fabian\AppData\Local\Temp\24385_offer.exe
C:\Users\Fabian\AppData\Local\Temp\24517_offer.exe
C:\Users\Fabian\AppData\Local\Temp\26196_offer.exe
C:\Users\Fabian\AppData\Local\Temp\28086_offer.exe
C:\Users\Fabian\AppData\Local\Temp\28629_offer.exe
C:\Users\Fabian\AppData\Local\Temp\2963_offer.exe
C:\Users\Fabian\AppData\Local\Temp\30789_offer.exe
C:\Users\Fabian\AppData\Local\Temp\30835_offer.exe
C:\Users\Fabian\AppData\Local\Temp\31155_offer.exe
C:\Users\Fabian\AppData\Local\Temp\31441_offer.exe
C:\Users\Fabian\AppData\Local\Temp\31986_offer.exe
C:\Users\Fabian\AppData\Local\Temp\32199_offer.exe
C:\Users\Fabian\AppData\Local\Temp\32662_offer.exe
C:\Users\Fabian\AppData\Local\Temp\3597_offer.exe
C:\Users\Fabian\AppData\Local\Temp\53e50041d7a934ed4b5edb72a447ebb2.dll
C:\Users\Fabian\AppData\Local\Temp\6158_offer.exe
C:\Users\Fabian\AppData\Local\Temp\8966_offer.exe
C:\Users\Fabian\AppData\Local\Temp\9957_offer.exe
C:\Users\Fabian\AppData\Local\Temp\COMAP.EXE
C:\Users\Fabian\AppData\Local\Temp\fb1d5c12ab65a33663c67a42c8bf47b2.dll
C:\Users\Fabian\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Fabian\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Fabian\AppData\Local\Temp\jsonparser.dll
C:\Users\Fabian\AppData\Local\Temp\ose00000.exe
C:\Users\Fabian\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll
C:\Users\Fabian\AppData\Local\Temp\sqlite3.exe
C:\Users\Fabian\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_1976.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-11 17:15

==================== End of log ============================

Addition.txt:
Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Fabian at 2015-06-16 17:41:02
Running from C:\Users\Fabian\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3181750377-55683798-1376771009-500 - Administrator - Disabled)
andyh_000 (S-1-5-21-3181750377-55683798-1376771009-1004 - Administrator - Enabled) => C:\Users\andyh_000
Fabian (S-1-5-21-3181750377-55683798-1376771009-1001 - Administrator - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-3181750377-55683798-1376771009-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3181750377-55683798-1376771009-1003 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{AA9BE01D-FE61-4B4C-C0C9-F68303FFC581}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1408.201 - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1401.0201 - Application)
Dragon Gaming Center (x32 Version: 1.0.1401.0201 - Application) Hidden
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.13.4.4_WHQL (HKLM\...\Elantech) (Version: 11.13.4.4 - ELAN Microelectronic Corp.)
Fotoattēlu galerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
In Verbis Virtus (HKLM-x32\...\Steam App 242840) (Version: - Indomitus Games)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.2.1304.2201 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.2.1304.2201 - Micro-Star International Co., Ltd.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mini Notepad (HKLM-x32\...\{1E38F0E0-5499-CDAF-F946-BA3D053AABC2}) (Version: - "")
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version: - Vlambeer)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Raccolta foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.780.780.102113 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7101 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0231 - )
S4 League (HKLM-x32\...\S4 League) (Version: - )
SCM (HKLM\...\{44E11251-1638-4D77-950F-2D177D34F7E3}) (Version: 10.014.01026 - Application)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
Valokuvavalikoima (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
wow search (HKLM-x32\...\wow search) (Version: 1.0.11 - )
Συλλογή φωτογραφιών (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1125A1C9-D576-4F32-A5D0-60983FF8FD64} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {1F5D5B86-DDDE-4FA9-8C1E-B7B4DB7384C0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {5BCA1076-E270-4D2B-8823-94A78E1416BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.)
Task: {62FB7A18-AD0C-4DAB-A936-666059E8A7F9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {6C736F43-09D7-47B2-AB7E-36688FF011E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7C21351F-DC7F-41CF-A4F0-47C53F3521B5} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION
Task: {7C63B347-376E-4BF8-B598-1C5B58A0C3D3} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe <==== ATTENTION
Task: {BE3E0837-084A-47D7-95C3-A07C8C3FC11E} - System32\Tasks\MSI_OnlineRegister => C:\Program Files (x86)\MSI\MSI Remind Manager\MSIOnlineRegister.exe [2014-08-15] ()
Task: {CB661C24-60B7-415D-892B-9E39D288879A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {CF3C375D-448F-48B6-AB90-5E82BEF2855B} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {D23BA252-9538-4146-98CE-FB9784976B1B} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe [2014-01-06] (Micro-Star International Co., Ltd.)
Task: {D38E93AA-30DB-4150-BF3D-82CC5978E10B} - System32\Tasks\{5D0D4A9A-D407-40C4-9312-04C8FBDEE00F} => pcalua.exe -a C:\Users\Fabian\Downloads\RazerSurroundInstaller_v2.00.10.exe -d C:\Users\Fabian\Downloads
Task: {ED442D20-272F-41ED-A42A-1CFB90425531} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {EF616450-7D66-440D-9D2A-C3B4C25A862B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.)
Task: {F5245218-D769-4F10-B6AE-C3F03FD92A1A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {FE5B41E9-16FB-4217-AEF6-C745D9EACD36} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-28 03:10 - 2013-10-22 01:06 - 00069120 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-05-23 17:15 - 2013-05-23 17:15 - 00025600 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\CoreAudioApi.dll
2014-10-28 03:24 - 2012-11-01 19:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-10-28 03:24 - 2012-11-01 19:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-08-08 22:35 - 2013-08-08 22:35 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-03-14 06:49 - 2015-03-14 06:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-06-11 17:08 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-11 17:08 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-02-02 08:52 - 2015-02-02 08:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-05-16 16:48 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-05-16 16:48 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-05-16 16:48 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\andyh_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Fabian\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: 192.168.178.201 - 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Registry Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7E7D73BB-7E6F-4151-9873-3DE155E61AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{80C8799B-C4A3-45D3-8EAF-561DC6575FD6}] => (Allow) LPort=2869 FirewallRules: [{A3E3A157-8298-42C5-81B5-4E33745E3FCF}] => (Allow) LPort=1900 FirewallRules: [{310612AA-B43C-4BB8-8C1F-44E8D8763275}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{0B6754BE-597B-4CC2-B100-89C9C46C0596}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{0C92F3F3-04C1-46A8-AF9B-39CAA6317E73}] => (Allow) D:\steam\Steam.exe FirewallRules: [{2C6AB9CC-7154-4A73-B22A-11E7BDDC9F44}] => (Allow) D:\steam\Steam.exe FirewallRules: [{BC64A99D-81E3-4B8B-8A9F-060DD19A5084}] => (Allow) D:\steam\bin\steamwebhelper.exe FirewallRules: [{99155AD2-AC7C-4863-A431-AED433A769A4}] => (Allow) D:\steam\bin\steamwebhelper.exe FirewallRules: [{B6C983DC-9730-4052-B652-67DA6922F639}] => (Allow) D:\steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{8161F232-66D2-4C22-9E5D-B7D28F843CEF}] => (Allow) D:\steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{FB273F34-7435-49EC-A04C-D0C78D09EA1A}] => (Allow) C:\Program Files (x86)\Loca\bin\LocaProxy.exe FirewallRules: [{0305C470-DCB7-4295-85F8-0E08ECEC3042}] => (Allow) C:\Program Files (x86)\Loca\bin\LocaProxy.exe FirewallRules: [{570E2CE5-F00F-4388-9977-CB937420FD22}] => (Allow) D:\steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{EE302259-C6A6-44C2-B694-B6C845C211BF}] => (Allow) D:\steam\steamapps\common\Portal 2\portal2.exe 
FirewallRules: [{762E2379-C8BF-4082-8CC0-50BA9DE7A93A}] => (Allow) D:\steam\steamapps\common\Portal\hl2.exe FirewallRules: [{FF6BEC72-D468-4900-BAAC-0A620DAB1976}] => (Allow) D:\steam\steamapps\common\Portal\hl2.exe FirewallRules: [{2F749B9B-0720-42C2-BAA4-AA88CBBD731A}] => (Allow) D:\steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{FB535255-6D19-4691-A869-1F80AFB6B4F9}] => (Allow) D:\steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{BF4132F0-125A-4C73-882D-EE5A7A35D07F}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{93EA14DD-FB62-49E0-8DB2-369598176759}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{9CC346A0-142A-4A73-A60B-6A42DDF6B273}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{8EE30774-F6BA-4AED-B77C-020491F500C5}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{F176D48B-2C6C-4737-BED7-793FE3962D2E}] => (Allow) D:\GameforgeLive\gfl_client.exe FirewallRules: [TCP Query User{CD0ED6F5-E39A-4983-8043-4EC49590D861}C:\users\fabian\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\fabian\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{D86FD85E-7F0B-4D70-9AAF-9018586A7A8E}C:\users\fabian\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\fabian\appdata\local\akamai\netsession_win.exe FirewallRules: [{B717798D-C783-4E01-A734-79E4520CC85F}] => (Allow) D:\steam\steamapps\common\In Verbis Virtus\Binaries\Win32\IVV.exe FirewallRules: [{ADEE6155-3849-443C-9451-BE70EA23AEDD}] => (Allow) D:\steam\steamapps\common\In Verbis Virtus\Binaries\Win32\IVV.exe FirewallRules: [{0C82177F-C46D-4EB5-8567-1BCD32B4F1A5}] => (Allow) D:\steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{A0720D28-9D02-4930-A7BB-DA29BAEC3DC0}] => (Allow) D:\steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: 
[{B06AC238-23C3-4646-BDF1-4836C9215347}] => (Allow) D:\steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe FirewallRules: [{F471C912-526E-45FA-A98F-9A10B9B3E970}] => (Allow) D:\steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe FirewallRules: [{46A5512F-9983-4450-8161-510060691394}] => (Allow) D:\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{51F424DE-DEE4-457F-BCF2-5F1A5416B92D}] => (Allow) D:\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{30A20E5A-41E1-416A-8C47-0236166855D1}] => (Allow) D:\steam\steamapps\common\Nuclear Throne\nuclearthrone.exe FirewallRules: [{8B6F6C1A-DA2B-4743-8FDE-AE57811D65E2}] => (Allow) D:\steam\steamapps\common\Nuclear Throne\nuclearthrone.exe FirewallRules: [{CE679342-D05A-4B84-8CA6-05EC1F06AAF3}] => (Allow) D:\steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe FirewallRules: [{575BD032-13D0-4218-A2DD-23A7E427FCF6}] => (Allow) D:\steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe FirewallRules: [{86F4BB21-A39F-48D8-8A01-616635D8E0A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2015 05:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm steam.exe, Version 2.81.34.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2cb8 Startzeit: 01d0a5f123510c00 Endzeit: 12153 Anwendungspfad: D:\steam\steam.exe Berichts-ID: fc9cf060-137a-11e5-82a0-448a5bef406e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2015 05:21:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (06/13/2015 06:14:42 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (06/11/2015 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0 Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006dd76 ID des fehlerhaften Prozesses: 0x2630 Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0 Pfad der fehlerhaften Anwendung: LolClient.exe1 Pfad des fehlerhaften Moduls: LolClient.exe2 Berichtskennung: LolClient.exe3 Vollständiger Name des fehlerhaften Pakets: LolClient.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LolClient.exe5 Error: (06/11/2015 05:46:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "WinRE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (06/11/2015 05:20:34 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (06/11/2015 05:17:43 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". 
Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (06/11/2015 05:04:50 PM) (Source: Registry Helper Service) (EventID: 109) (User: ) Description: Service started Error: (06/11/2015 04:34:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI-LAPTOP) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/11/2015 04:34:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI-LAPTOP) Description: Bei der Aktivierung der App „Microsoft.WindowsReadingList_8wekyb3d8bbwe!Microsoft.WindowsReadingList“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (06/16/2015 05:08:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/16/2015 05:07:41 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (06/16/2015 05:07:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/16/2015 05:07:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/16/2015 05:07:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/16/2015 05:07:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error: (06/16/2015 05:07:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/16/2015 05:07:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/16/2015 05:07:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/16/2015 05:07:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office: ========================= Error: (06/15/2015 05:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: steam.exe2.81.34.62cb801d0a5f123510c0012153D:\steam\steam.exefc9cf060-137a-11e5-82a0-448a5bef406e Error: (06/15/2015 05:21:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: -2147024883 Error: (06/13/2015 06:14:42 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (06/11/2015 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76263001d0a46f5990f4d3D:\lol\RADS\projects\lol_air_client\releases\0.0.1.148\deploy\LolClient.exeD:\lol\RADS\projects\lol_air_client\releases\0.0.1.148\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll243e6a68-1068-11e5-82a0-448a5bef406e Error: (06/11/2015 05:46:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WinRE toolsFalscher Parameter. 
(0x80070057) Error: (06/11/2015 05:20:34 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (06/11/2015 05:17:43 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (06/11/2015 05:04:50 PM) (Source: Registry Helper Service) (EventID: 109) (User: ) Description: Service started Error: (06/11/2015 04:34:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI-LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (06/11/2015 04:34:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI-LAPTOP) Description: Microsoft.WindowsReadingList_8wekyb3d8bbwe!Microsoft.WindowsReadingList-2144927142 CodeIntegrity Errors: =================================== Date: 2015-06-11 17:55:06.092 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-24 17:38:12.214 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-24 17:37:23.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-24 17:37:14.460 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-05-21 16:28:33.311 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 18:03:13.962 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-19 20:42:17.124 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-19 19:48:45.075 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-16 22:46:16.216 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-16 17:09:02.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics Percentage of memory in use: 35% Total physical RAM: 7364.21 MB Available physical RAM: 4766.35 MB Total Pagefile: 8516.21 MB Available Pagefile: 5184.86 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:118.24 GB) (Free:62.37 GB) NTFS Drive d: (Data) (Fixed) (Total:913.38 GB) (Free:753.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: EB72DB9C) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: EB72DA7A) Partition: GPT Partition Type. ==================== End of log ============================ |
17.06.2015, 15:05 | #4 |
/// the machine /// TB trainer | Hidden hyperlinks to Stamplive Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.06.2015, 20:41 | #5 |
| Hidden hyperlinks to Stamplive Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.06.2015 Suchlauf-Zeit: 20:59:14 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.17.04 Rootkit Datenbank: v2015.06.15.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Fabian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 397600 Verstrichene Zeit: 11 Min, 35 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 4 PUP.Optional.WowSearch.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}, In Quarantäne, [4b2ead9687030d293213120d3cc74cb4], PUP.Optional.WowSearch.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, In Quarantäne, [4b2ead9687030d293213120d3cc74cb4], PUP.Optional.WowSearch.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, In Quarantäne, [4b2ead9687030d293213120d3cc74cb4], PUP.Optional.WowSearch.A, HKU\S-1-5-21-3181750377-55683798-1376771009-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, In Quarantäne, [4b2ead9687030d293213120d3cc74cb4], Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 6 PUP.Optional.Yappyz.A, C:\Users\Fabian\AppData\Roaming\Angry_Birds_Space\Angry_Birds_Space.exe, In Quarantäne, [32475be8b3d71a1c574ac33d13ef8977], PUP.Optional.LiveSoftAction, C:\Users\Fabian\Downloads\Angry Birds Space angeboten von Ads Med Network 
CPA (1).exe, In Quarantäne, [4b2e2f14f199e155eac11cf84fb7aa56], PUP.Optional.LiveSoftAction, C:\Users\Fabian\Downloads\Angry Birds Space angeboten von Ads Med Network CPA (2).exe, In Quarantäne, [9fda82c1f79374c28526bf55fd09c040], PUP.Optional.LiveSoftAction, C:\Users\Fabian\Downloads\Angry Birds Space angeboten von Ads Med Network CPA.exe, In Quarantäne, [71084ef5addd3600911aad679d69bb45], PUP.Optional.UTop.A, C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, In Quarantäne, [a4d5bf842e5c79bdece7674c6b98e21e], PUP.Optional.UTop.A, C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, In Quarantäne, [0970d66d503a3ff7b51e7241a85bdc24], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 17/06/2015 um 20:54:01 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-06-17.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Fabian - MSI-LAPTOP # Gestarted von : C:\Users\Fabian\Downloads\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Google Chrome v43.0.2357.124 ************************* AdwCleaner[R0].txt - [16846 Bytes] - [16/06/2015 17:05:11] AdwCleaner[R1].txt - [998 Bytes] - [17/06/2015 20:52:21] AdwCleaner[S0].txt - [16124 Bytes] - [16/06/2015 17:07:09] AdwCleaner[S1].txt - [919 Bytes] - [17/06/2015 20:54:01] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [977 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.9.9 (06.16.2015:2) OS: Windows 8.1 x64 Ran by Fabian on 17.06.2015 at 21:30:14,20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\SpyHunter4Startup ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Users\Fabian\AppData\Roaming\appdataFr3.bin Successfully deleted: [File] C:\Users\Fabian\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage Successfully deleted: [File] C:\Users\Fabian\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\12442149642831810872 ~~~ Chrome [C:\Users\Fabian\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Fabian\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Fabian\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Fabian\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.06.2015 at 21:36:10,44 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Fabian (administrator) on MSI-LAPTOP on 17-06-2015 21:37:15 Running from C:\Users\Fabian\Desktop Loaded Profiles: Fabian (Available Profiles: Fabian & andyh_000) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-10-27] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2014-10-27] (ELAN Microelectronics Corp.) HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408744 2014-01-02] (MSI) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1562504 2013-05-02] (Micro-Star International Co., Ltd.) HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink) HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.) 
HKLM-x32\...\Run: [Aeria Ignite] => D:\Area ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\MountPoints2: {b0c24991-98b6-11e4-826f-448a5bef406e} - "F:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-10-28] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3181750377-55683798-1376771009-1001 -> {E8131295-A219-43E2-BC5C-0A413E43F7FC} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-24] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-24] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\..\Interfaces\{0F1611EC-4C06-41DD-831C-69825A095822}: [NameServer] 192.168.178.201,192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-24] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-24] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( 
Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17] CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-30] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-14] CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) 
================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-02] (BitRaider, LLC) S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [69120 2013-10-22] () [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink) S2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2014-10-27] (ELAN Microelectronics Corp.) S2 MBAMScheduler; D:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; D:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) 
[File not signed] S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI) S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-10-27] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2014-10-27] (Advanced Micro Devices) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-02-22] (BitRaider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-13] () R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-12-24] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-12-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [554712 2014-10-27] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation ) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) 
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 21:37 - 2015-06-17 21:37 - 00020930 _____ C:\Users\Fabian\Desktop\FRST.txt 2015-06-17 21:36 - 2015-06-17 21:36 - 00001593 _____ C:\Users\Fabian\Desktop\JRT.txt 2015-06-17 21:33 - 2015-06-16 17:10 - 02945901 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe 2015-06-17 21:29 - 2015-06-17 21:29 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MSI-LAPTOP-Windows-8.1-(64-bit).dat 2015-06-17 21:29 - 2015-06-17 21:29 - 00000000 ____D C:\RegBackup 2015-06-17 21:28 - 2015-06-17 21:28 - 00002903 _____ C:\Users\Fabian\Desktop\mbam.txt 2015-06-17 20:59 - 2015-06-17 20:59 - 00001056 _____ C:\Users\Fabian\Desktop\AdwCleaner[S1].txt 2015-06-17 20:58 - 2015-06-17 21:25 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-17 20:58 - 2015-06-17 20:58 - 00000641 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-17 20:58 - 2015-06-17 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-17 20:58 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-17 20:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-17 20:58 - 2015-04-14 09:37 - 00025816 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-16 21:49 - 2015-06-16 21:49 - 00001740 _____ C:\Users\Fabian\Desktop\Echo of Soul.lnk 2015-06-16 21:49 - 2015-06-16 21:49 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-06-16 21:40 - 2015-06-16 21:50 - 00000000 ____D C:\Users\Fabian\EOS 2015-06-16 17:41 - 2015-06-16 17:41 - 00040497 _____ C:\Users\Fabian\Downloads\Addition.txt 2015-06-16 17:40 - 2015-06-17 21:37 - 00000000 ____D C:\FRST 2015-06-16 17:40 - 2015-06-16 17:41 - 00043360 _____ C:\Users\Fabian\Downloads\FRST.txt 2015-06-16 17:09 - 2015-06-16 17:10 - 02945901 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe 2015-06-16 17:09 - 2015-06-16 17:09 - 02109952 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe 2015-06-16 17:05 - 2015-06-17 20:54 - 00000000 ____D C:\AdwCleaner 2015-06-16 17:04 - 2015-06-16 17:04 - 02231296 _____ C:\Users\Fabian\Desktop\AdwCleaner_4.206.exe 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Enigma Software Group 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 ____D C:\sh4ldr 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 _____ C:\autoexec.bat 2015-06-13 16:20 - 2015-06-13 16:20 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2015-06-11 17:53 - 2015-06-11 17:53 - 00000000 ____D C:\Users\Fabian\AppData\Local\GWX 2015-06-11 16:18 - 2015-06-11 16:18 - 00512536 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\echoofsoul_de_downloader.exe 2015-06-09 20:26 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-09 20:26 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-09 20:26 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-09 20:26 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-09 20:26 - 
2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-09 20:26 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-09 20:26 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-09 20:26 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-09 20:26 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-09 20:26 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-09 20:26 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-09 20:26 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-09 20:26 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-09 20:26 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-09 20:26 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-09 20:26 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-09 20:26 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-09 20:26 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-09 20:26 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-09 20:26 - 2015-05-22 19:47 - 00816640 
_____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-09 20:26 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-09 20:26 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-09 20:26 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-09 20:26 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-09 20:26 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-09 20:26 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-09 20:26 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-06-09 20:26 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-09 20:26 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-09 20:26 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-09 20:26 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-09 20:26 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-09 20:26 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2015-06-09 20:26 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll 2015-06-09 20:26 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll 2015-06-09 20:26 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2015-06-09 20:26 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2015-06-09 20:26 - 2015-04-08 23:41 - 00158720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll 2015-06-09 20:26 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-06-09 20:26 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-06-09 20:26 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2015-06-09 20:26 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2015-06-09 20:26 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2015-06-09 20:26 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2015-06-09 20:26 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2015-06-09 20:26 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-06-09 20:26 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2015-06-09 20:26 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2015-06-09 20:26 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2015-06-09 20:26 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2015-06-09 20:26 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2015-06-09 20:26 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2015-06-09 20:26 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2015-06-09 20:25 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-09 20:25 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-06-09 20:25 - 2015-05-23 03:43 - 00880128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-06-09 20:25 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-06-09 20:25 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-09 20:25 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-09 20:25 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-09 20:25 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-06-09 20:25 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-06-09 20:25 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-05 13:56 - 2015-06-15 17:26 - 00000000 ____D C:\Users\Fabian\AppData\Local\nuclearthrone 2015-06-05 13:55 - 2015-06-05 13:55 - 00000202 _____ C:\Users\Fabian\Desktop\Nuclear Throne.url 2015-05-21 16:41 - 2015-05-21 16:41 - 00000805 _____ C:\Users\Fabian\Desktop\S4 League.lnk 2015-05-19 18:05 - 2015-05-19 18:05 - 00001526 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk 2015-05-19 18:05 - 2015-05-19 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-05-19 18:03 - 2015-05-19 18:03 - 03541664 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\aeria_ignite_install.exe 2015-05-19 18:02 - 2015-05-19 18:02 - 00578584 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\s4league_us_downloader (8).exe 2015-05-19 18:02 - 2015-05-19 18:02 - 00578584 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\s4league_us_downloader (7).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-17 21:37 - 2014-12-24 20:09 - 01575698 _____ C:\Windows\WindowsUpdate.log 2015-06-17 21:35 - 2015-01-02 20:58 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Skype 2015-06-17 21:26 - 2014-12-24 20:16 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-17 21:26 - 2014-12-24 20:15 - 00000000 ___RD C:\Users\Fabian\OneDrive 2015-06-17 21:26 - 2014-12-24 20:12 - 00192432 _____ C:\Users\Fabian\AppData\Local\BTServer.log 2015-06-17 21:25 - 2015-01-10 13:03 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Angry_Birds_Space 2015-06-17 21:25 - 2014-12-24 20:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-17 21:25 - 2014-03-18 10:54 - 01445600 _____ C:\Windows\PFRO.log 2015-06-17 21:25 - 2013-08-22 15:46 - 00034241 _____ C:\Windows\setupact.log 2015-06-17 21:25 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-17 21:25 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-06-17 21:18 - 2014-12-24 20:19 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3181750377-55683798-1376771009-1001 2015-06-17 21:07 - 2014-12-24 20:16 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-17 21:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2015-06-17 21:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru 2015-06-17 21:00 - 2014-04-30 18:36 - 00774900 _____ C:\Windows\system32\prfh0416.dat 2015-06-17 21:00 - 2014-04-30 18:36 - 00158494 _____ C:\Windows\system32\prfc0416.dat 2015-06-17 21:00 - 2014-04-30 18:11 - 00440760 _____ C:\Windows\system32\perfh014.dat 2015-06-17 21:00 - 2014-04-30 18:11 - 00076914 _____ C:\Windows\system32\perfc014.dat 2015-06-17 21:00 - 2014-04-30 17:02 - 00541792 _____ C:\Windows\system32\perfh008.dat 2015-06-17 21:00 - 2014-04-30 17:02 - 00088858 _____ C:\Windows\system32\perfc008.dat 2015-06-17 21:00 - 2014-04-30 16:55 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-06-17 21:00 - 2014-04-30 16:55 - 
00159366 _____ C:\Windows\system32\perfc007.dat 2015-06-17 21:00 - 2014-03-18 11:03 - 03851932 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-16 21:40 - 2014-12-25 19:38 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2015-06-16 21:40 - 2014-12-24 20:11 - 00000000 ____D C:\Users\Fabian 2015-06-16 17:01 - 2014-12-24 20:15 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A39D28A4-299E-4E02-AC02-F935541E2DBA} 2015-06-15 17:21 - 2014-12-24 20:43 - 00000001 _____ C:\Users\Public\Documents\dgc.txt 2015-06-15 17:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-06-11 19:51 - 2014-12-25 19:53 - 00000000 ____D C:\ProgramData\Aeria Games 2015-06-11 19:32 - 2014-12-24 21:28 - 00000000 ____D C:\Users\Fabian\AppData\Local\CrashDumps 2015-06-11 17:57 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2015-06-11 17:54 - 2015-01-02 20:58 - 00000000 ____D C:\ProgramData\Skype 2015-06-11 17:08 - 2015-01-24 15:58 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-11 17:05 - 2015-05-14 07:30 - 00837536 _____ C:\ProgramData\yvd_ie_se.exe 2015-06-11 17:05 - 2015-01-17 15:45 - 02032503 _____ C:\ProgramData\yvd_chrome_se.exe 2015-06-11 17:05 - 2015-01-17 15:45 - 01529534 _____ C:\ProgramData\yvd_firefox_se.exe 2015-06-11 17:05 - 2015-01-02 20:58 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-06-11 17:04 - 2013-08-22 15:44 - 00431968 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 17:01 - 2015-01-25 18:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-11 17:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 16:57 - 2014-12-24 21:49 - 00000000 ____D C:\Windows\system32\MRT 2015-06-11 16:49 - 2014-12-24 21:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-09 19:05 - 2015-04-08 12:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-09 19:05 - 2015-04-08 12:17 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-03 17:18 - 2013-08-22 16:38 - 00792568 
_____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-03 17:18 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-23 17:03 - 2015-04-30 18:27 - 00101376 ___SH C:\Users\Fabian\Desktop\Thumbs.db 2015-05-21 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF 2015-05-19 17:57 - 2014-12-25 20:49 - 00000000 ____D C:\Users\Fabian\Downloads\Gameforge Live ==================== Files in the root of some directories ======= 2014-12-24 20:12 - 2015-06-17 21:26 - 0192432 _____ () C:\Users\Fabian\AppData\Local\BTServer.log 2015-01-14 19:22 - 2015-01-14 19:22 - 0333312 _____ () C:\ProgramData\cryptoDrvUpdate.exe 2015-01-17 15:45 - 2015-06-11 17:05 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe 2015-01-17 15:45 - 2015-06-11 17:05 - 1529534 _____ () C:\ProgramData\yvd_firefox_se.exe 2015-05-14 07:30 - 2015-06-11 17:05 - 0837536 _____ () C:\ProgramData\yvd_ie_se.exe Files to move or delete: ==================== C:\ProgramData\cryptoDrvUpdate.exe C:\ProgramData\yvd_chrome_se.exe C:\ProgramData\yvd_firefox_se.exe C:\ProgramData\yvd_ie_se.exe Some files in TEMP: ==================== C:\Users\Fabian\AppData\Local\Temp\12212_offer.exe C:\Users\Fabian\AppData\Local\Temp\12235_offer.exe C:\Users\Fabian\AppData\Local\Temp\13839_offer.exe C:\Users\Fabian\AppData\Local\Temp\14560_offer.exe C:\Users\Fabian\AppData\Local\Temp\17077_offer.exe C:\Users\Fabian\AppData\Local\Temp\17131_offer.exe C:\Users\Fabian\AppData\Local\Temp\17516_offer.exe C:\Users\Fabian\AppData\Local\Temp\17831_offer.exe C:\Users\Fabian\AppData\Local\Temp\18199_offer.exe C:\Users\Fabian\AppData\Local\Temp\19345_offer.exe C:\Users\Fabian\AppData\Local\Temp\20063_offer.exe C:\Users\Fabian\AppData\Local\Temp\20391_offer.exe C:\Users\Fabian\AppData\Local\Temp\21189_offer.exe C:\Users\Fabian\AppData\Local\Temp\21223_offer.exe C:\Users\Fabian\AppData\Local\Temp\24385_offer.exe 
C:\Users\Fabian\AppData\Local\Temp\24517_offer.exe C:\Users\Fabian\AppData\Local\Temp\26196_offer.exe C:\Users\Fabian\AppData\Local\Temp\28086_offer.exe C:\Users\Fabian\AppData\Local\Temp\28629_offer.exe C:\Users\Fabian\AppData\Local\Temp\2963_offer.exe C:\Users\Fabian\AppData\Local\Temp\30789_offer.exe C:\Users\Fabian\AppData\Local\Temp\30835_offer.exe C:\Users\Fabian\AppData\Local\Temp\31155_offer.exe C:\Users\Fabian\AppData\Local\Temp\31441_offer.exe C:\Users\Fabian\AppData\Local\Temp\31986_offer.exe C:\Users\Fabian\AppData\Local\Temp\32199_offer.exe C:\Users\Fabian\AppData\Local\Temp\32662_offer.exe C:\Users\Fabian\AppData\Local\Temp\3597_offer.exe C:\Users\Fabian\AppData\Local\Temp\53e50041d7a934ed4b5edb72a447ebb2.dll C:\Users\Fabian\AppData\Local\Temp\6158_offer.exe C:\Users\Fabian\AppData\Local\Temp\8966_offer.exe C:\Users\Fabian\AppData\Local\Temp\9957_offer.exe C:\Users\Fabian\AppData\Local\Temp\COMAP.EXE C:\Users\Fabian\AppData\Local\Temp\fb1d5c12ab65a33663c67a42c8bf47b2.dll C:\Users\Fabian\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Fabian\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\Fabian\AppData\Local\Temp\jsonparser.dll C:\Users\Fabian\AppData\Local\Temp\ose00000.exe C:\Users\Fabian\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe C:\Users\Fabian\AppData\Local\Temp\SkypeSetup.exe C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll C:\Users\Fabian\AppData\Local\Temp\sqlite3.exe C:\Users\Fabian\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_1976.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-17 21:18
==================== End of log ============================
Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by Fabian at 2015-06-17 21:37:54 Running from C:\Users\Fabian\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3181750377-55683798-1376771009-500 - Administrator - Disabled) andyh_000 (S-1-5-21-3181750377-55683798-1376771009-1004 - Administrator - Enabled) => C:\Users\andyh_000 Fabian (S-1-5-21-3181750377-55683798-1376771009-1001 - Administrator - Enabled) => C:\Users\Fabian Gast (S-1-5-21-3181750377-55683798-1376771009-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3181750377-55683798-1376771009-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
„Windows Live Essentials“ (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{AA9BE01D-FE61-4B4C-C0C9-F68303FFC581}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.) BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1408.201 - ) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment) Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment) Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1401.0201 - Application) Dragon Gaming Center (x32 Version: 1.0.1401.0201 - Application) Hidden Echo of Soul (HKLM-x32\...\Echo of Soul) (Version: - ) EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) ETDWare PS/2-X64 11.13.4.4_WHQL (HKLM\...\Elantech) (Version: 11.13.4.4 - ELAN Microelectronic Corp.) Fotoattēlu galerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogaléria (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalerii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Foto-galerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria de Fotografias (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerie foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerija fotografija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Gameforge 
Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden In Verbis Virtus (HKLM-x32\...\Steam App 242840) (Version: - Indomitus Games) Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.) KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.2.1304.2201 - Micro-Star International Co., Ltd.) KLM (x32 Version: 1.2.1304.2201 - Micro-Star International Co., Ltd.) 
Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG) MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mini Notepad (HKLM-x32\...\{1E38F0E0-5499-CDAF-F946-BA3D053AABC2}) (Version: - "") Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.) MSI Remind Manager (x32 Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.) 
Hidden MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.) Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version: - Vlambeer) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros) Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden Raccolta foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.780.780.102113 - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7101 - Realtek Semiconductor Corp.) 
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0231 - ) S4 League (HKLM-x32\...\S4 League) (Version: - ) SCM (HKLM\...\{44E11251-1638-4D77-950F-2D177D34F7E3}) (Version: 10.014.01026 - Application) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited) South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.) 
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore) Valokuvavalikoima (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. ) wow search (HKLM-x32\...\wow search) (Version: 1.0.11 - ) Συλλογή φωτογραφιών (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Основи Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотоальбом (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотогалерия (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотоколекція (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden גלריית התמונות (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3181750377-55683798-1376771009-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0915C245-DEFE-4F7B-8BD1-AF5AC6C8DD1B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {5BCA1076-E270-4D2B-8823-94A78E1416BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.) Task: {62FB7A18-AD0C-4DAB-A936-666059E8A7F9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe Task: {7C21351F-DC7F-41CF-A4F0-47C53F3521B5} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION Task: {7C63B347-376E-4BF8-B598-1C5B58A0C3D3} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe <==== ATTENTION Task: {8217D6F1-3C2F-45FD-B550-1CB8B2657C8B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {8F453ABB-2A4D-44A3-A16B-B3A608EDB013} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {BE3E0837-084A-47D7-95C3-A07C8C3FC11E} - System32\Tasks\MSI_OnlineRegister => C:\Program Files (x86)\MSI\MSI Remind Manager\MSIOnlineRegister.exe [2014-08-15] () Task: {CB661C24-60B7-415D-892B-9E39D288879A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {CF3C375D-448F-48B6-AB90-5E82BEF2855B} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe Task: {D23BA252-9538-4146-98CE-FB9784976B1B} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe [2014-01-06] (Micro-Star International Co., Ltd.) 
Task: {D38E93AA-30DB-4150-BF3D-82CC5978E10B} - System32\Tasks\{5D0D4A9A-D407-40C4-9312-04C8FBDEE00F} => pcalua.exe -a C:\Users\Fabian\Downloads\RazerSurroundInstaller_v2.00.10.exe -d C:\Users\Fabian\Downloads Task: {ED442D20-272F-41ED-A42A-1CFB90425531} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {EF616450-7D66-440D-9D2A-C3B4C25A862B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.) Task: {F808C473-57B0-4F43-AE79-98620AFD943B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2015-06-11 17:08 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll 2015-06-11 17:08 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\andyh_000\OneDrive:ms-properties AlternateDataStreams: C:\Users\Fabian\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg DNS Servers: 192.168.178.201 - 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Registry Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7E7D73BB-7E6F-4151-9873-3DE155E61AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{80C8799B-C4A3-45D3-8EAF-561DC6575FD6}] => (Allow) LPort=2869 FirewallRules: [{A3E3A157-8298-42C5-81B5-4E33745E3FCF}] => (Allow) LPort=1900 FirewallRules: [{310612AA-B43C-4BB8-8C1F-44E8D8763275}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{0B6754BE-597B-4CC2-B100-89C9C46C0596}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{0C92F3F3-04C1-46A8-AF9B-39CAA6317E73}] => (Allow) D:\steam\Steam.exe FirewallRules: [{2C6AB9CC-7154-4A73-B22A-11E7BDDC9F44}] => (Allow) D:\steam\Steam.exe FirewallRules: [{BC64A99D-81E3-4B8B-8A9F-060DD19A5084}] => (Allow) D:\steam\bin\steamwebhelper.exe FirewallRules: [{99155AD2-AC7C-4863-A431-AED433A769A4}] => (Allow) D:\steam\bin\steamwebhelper.exe FirewallRules: 
[{B6C983DC-9730-4052-B652-67DA6922F639}] => (Allow) D:\steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{8161F232-66D2-4C22-9E5D-B7D28F843CEF}] => (Allow) D:\steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{FB273F34-7435-49EC-A04C-D0C78D09EA1A}] => (Allow) C:\Program Files (x86)\Loca\bin\LocaProxy.exe FirewallRules: [{0305C470-DCB7-4295-85F8-0E08ECEC3042}] => (Allow) C:\Program Files (x86)\Loca\bin\LocaProxy.exe FirewallRules: [{570E2CE5-F00F-4388-9977-CB937420FD22}] => (Allow) D:\steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{EE302259-C6A6-44C2-B694-B6C845C211BF}] => (Allow) D:\steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{762E2379-C8BF-4082-8CC0-50BA9DE7A93A}] => (Allow) D:\steam\steamapps\common\Portal\hl2.exe FirewallRules: [{FF6BEC72-D468-4900-BAAC-0A620DAB1976}] => (Allow) D:\steam\steamapps\common\Portal\hl2.exe FirewallRules: [{2F749B9B-0720-42C2-BAA4-AA88CBBD731A}] => (Allow) D:\steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{FB535255-6D19-4691-A869-1F80AFB6B4F9}] => (Allow) D:\steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{BF4132F0-125A-4C73-882D-EE5A7A35D07F}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{93EA14DD-FB62-49E0-8DB2-369598176759}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{9CC346A0-142A-4A73-A60B-6A42DDF6B273}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{8EE30774-F6BA-4AED-B77C-020491F500C5}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{F176D48B-2C6C-4737-BED7-793FE3962D2E}] => (Allow) D:\GameforgeLive\gfl_client.exe FirewallRules: [TCP Query User{CD0ED6F5-E39A-4983-8043-4EC49590D861}C:\users\fabian\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\fabian\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query 
User{D86FD85E-7F0B-4D70-9AAF-9018586A7A8E}C:\users\fabian\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\fabian\appdata\local\akamai\netsession_win.exe FirewallRules: [{B717798D-C783-4E01-A734-79E4520CC85F}] => (Allow) D:\steam\steamapps\common\In Verbis Virtus\Binaries\Win32\IVV.exe FirewallRules: [{ADEE6155-3849-443C-9451-BE70EA23AEDD}] => (Allow) D:\steam\steamapps\common\In Verbis Virtus\Binaries\Win32\IVV.exe FirewallRules: [{0C82177F-C46D-4EB5-8567-1BCD32B4F1A5}] => (Allow) D:\steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{A0720D28-9D02-4930-A7BB-DA29BAEC3DC0}] => (Allow) D:\steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{B06AC238-23C3-4646-BDF1-4836C9215347}] => (Allow) D:\steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe FirewallRules: [{F471C912-526E-45FA-A98F-9A10B9B3E970}] => (Allow) D:\steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe FirewallRules: [{46A5512F-9983-4450-8161-510060691394}] => (Allow) D:\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{51F424DE-DEE4-457F-BCF2-5F1A5416B92D}] => (Allow) D:\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{30A20E5A-41E1-416A-8C47-0236166855D1}] => (Allow) D:\steam\steamapps\common\Nuclear Throne\nuclearthrone.exe FirewallRules: [{8B6F6C1A-DA2B-4743-8FDE-AE57811D65E2}] => (Allow) D:\steam\steamapps\common\Nuclear Throne\nuclearthrone.exe FirewallRules: [{CE679342-D05A-4B84-8CA6-05EC1F06AAF3}] => (Allow) D:\steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe FirewallRules: [{575BD032-13D0-4218-A2DD-23A7E427FCF6}] => (Allow) D:\steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe FirewallRules: [{86F4BB21-A39F-48D8-8A01-616635D8E0A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== 
Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2015 09:26:35 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (06/17/2015 09:22:44 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (06/17/2015 09:20:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (06/17/2015 09:19:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "WinRE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (06/16/2015 06:57:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 43.0.2357.124 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 146c Startzeit: 01d0a84ea9355785 Endzeit: 2564 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: 2de183e5-1451-11e5-82a1-448a5bef406e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2015 05:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm steam.exe, Version 2.81.34.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2cb8 Startzeit: 01d0a5f123510c00 Endzeit: 12153 Anwendungspfad: D:\steam\steam.exe Berichts-ID: fc9cf060-137a-11e5-82a0-448a5bef406e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2015 05:21:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (06/13/2015 06:14:42 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (06/11/2015 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0 Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006dd76 ID des fehlerhaften Prozesses: 0x2630 Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0 Pfad der fehlerhaften Anwendung: LolClient.exe1 Pfad des fehlerhaften Moduls: LolClient.exe2 Berichtskennung: LolClient.exe3 Vollständiger Name des fehlerhaften Pakets: LolClient.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LolClient.exe5 Error: (06/11/2015 05:46:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "WinRE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) System errors: ============= Error: (06/17/2015 09:31:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (06/17/2015 09:31:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/17/2015 09:31:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/17/2015 09:31:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Qualcomm Atheros Killer Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 09:31:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MSI_SuperCharger" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 09:31:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Micro Star SCM" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 09:31:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 09:31:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 09:31:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Elan Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 09:31:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "BTDevManager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office: ========================= Error: (06/17/2015 09:26:35 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (06/17/2015 09:22:44 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (06/17/2015 09:20:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (06/17/2015 09:19:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WinRE toolsFalscher Parameter. (0x80070057) Error: (06/16/2015 06:57:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe43.0.2357.124146c01d0a84ea93557852564C:\Program Files (x86)\Google\Chrome\Application\chrome.exe2de183e5-1451-11e5-82a1-448a5bef406e Error: (06/15/2015 05:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: steam.exe2.81.34.62cb801d0a5f123510c0012153D:\steam\steam.exefc9cf060-137a-11e5-82a0-448a5bef406e Error: (06/15/2015 05:21:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: -2147024883 Error: (06/13/2015 06:14:42 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (06/11/2015 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76263001d0a46f5990f4d3D:\lol\RADS\projects\lol_air_client\releases\0.0.1.148\deploy\LolClient.exeD:\lol\RADS\projects\lol_air_client\releases\0.0.1.148\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll243e6a68-1068-11e5-82a0-448a5bef406e Error: (06/11/2015 05:46:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WinRE toolsFalscher Parameter. 
(0x80070057) CodeIntegrity Errors: =================================== Date: 2015-06-17 21:27:06.217 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-11 17:55:06.092 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-24 17:38:12.214 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-24 17:37:23.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-24 17:37:14.460 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-21 16:28:33.311 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 18:03:13.962 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-19 20:42:17.124 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-05-19 19:48:45.075 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-16 22:46:16.216 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics Percentage of memory in use: 32% Total physical RAM: 7364.21 MB Available physical RAM: 4948.84 MB Total Pagefile: 8516.21 MB Available Pagefile: 5843.74 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:118.24 GB) (Free:50.58 GB) NTFS Drive d: (Data) (Fixed) (Total:913.38 GB) (Free:753.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: EB72DB9C) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: EB72DA7A) Partition: GPT Partition Type. ==================== End of log ============================ |
18.06.2015, 16:44 | #6 |
/// the machine /// TB Trainer | Hidden hyperlinks to Stamplive
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
18.06.2015, 19:45 | #7 |
| Hidden hyperlinks to Stamplive
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d1a13ac7b088384f9a9e07b628f9b6ec # end=init # utc_time=2015-06-18 06:05:06 # local_time=2015-06-18 07:05:06 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 24392 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d1a13ac7b088384f9a9e07b628f9b6ec # end=updated # utc_time=2015-06-18 06:07:10 # local_time=2015-06-18 07:07:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=d1a13ac7b088384f9a9e07b628f9b6ec # engine=24392 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-18 07:25:19 # local_time=2015-06-18 08:25:19 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1296 16777213 100 100 82778 38724601 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 3533831 20193582 0 0 # scanned=419196 # found=55 # cleaned=0 # scan_time=4688 sh=270A80FEB5C080BD53673E55276FEB0552F831E2 ft=0 fh=0000000000000000 vn="Variante von MSIL/Hoax.FakeHack.OJ Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3181750377-55683798-1376771009-1001\$RYRCRB5.rar" sh=9D31C358C1C43061551280514FE49A03B14239E2 ft=1 fh=c71c001182c74530 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\cooolnciheaapp\YxVVmXKnV4h31J.dll.vir" sh=6BF1349A0DECE8EBF8807F630EF27E1A828C21AA ft=1 fh=f497540a3804d4f9 vn="Variante von Win32/Adware.Gertokr.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe.vir" 
sh=4A9B7825A3299917539723CBD0C425FFCB5B267E ft=1 fh=96d8f6cfa244d1d0 vn="Variante von Win32/Adware.Gertokr.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Loca\uninstall.exe.vir" sh=65E7105A7C76E1D54BDF5882218FDBE71D303153 ft=1 fh=8ed56cb4b4f84988 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\niccenfree\Zs0DlNphcGIeLk.x64.dll.vir" sh=6E415703FF79A8956E3A1B5C2378B3186367036A ft=1 fh=c71c001199700bdf vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\OffferSaoLee\TuervfDDcGaPwM.dll.vir" sh=B3148EBEA8FAF7C02147FEC127728B5EFBCEC106 ft=1 fh=8ed56cb4a356aece vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\OffferSaoLee\TuervfDDcGaPwM.x64.dll.vir" sh=0F874DE053A9AA633A137FC3DFD76FEB2C6D3779 ft=1 fh=c71c00113deda51f vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\salleioFFfer\lckHaRS9nt8koN.dll.vir" sh=9CFB9688CB96882760BC0473C32F8D73C66913D1 ft=1 fh=e5f22127a3364174 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\salleioFFfer\lckHaRS9nt8koN.x64.dll.vir" sh=6677488959BBF381722B2DFB7F31E3DAD25CAA00 ft=1 fh=c71c00118d754ed3 vn="Variante von Win32/SProtector.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\71b4680c00002b77\71b4680c00002b77.dll.vir" sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\andyh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmllonaidjepimjdhjdcgodgekcmhop\165\content.js.vir" sh=9EE522945489EECF80EE9EDCA27292E4C297A3D6 ft=1 fh=af5d765aae6990d8 vn="Variante von Win32/Adware.ConvertAd.PO Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Fabian\AppData\Roaming\VOPackage\runasu.exe.vir" sh=A61A9BBEBA9639FDF37ADEE89166E235ACF1A4BF ft=1 fh=6ff4481426fca4d1 vn="Variante von Win32/VOPackage.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Fabian\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=6BF1349A0DECE8EBF8807F630EF27E1A828C21AA ft=1 fh=f497540a3804d4f9 vn="Variante von Win32/Adware.Gertokr.E Anwendung" ac=I fn="C:\ProgramData\cryptoDrvUpdate.exe" sh=6BF1349A0DECE8EBF8807F630EF27E1A828C21AA ft=1 fh=f497540a3804d4f9 vn="Variante von Win32/Adware.Gertokr.E Anwendung" ac=I fn="C:\Users\All Users\cryptoDrvUpdate.exe" sh=2A9288407F0AA89D3243E928172E9028453359AD ft=1 fh=5910be391f643bf5 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\12212_offer.exe" sh=81F57D85EF0E249F8273501CE3F40A0C1ADF1D0A ft=1 fh=c8fe0fef101f768f vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\12235_offer.exe" sh=C1B5FB32F5EF7C7C72FCF4238655D58A7B59DEED ft=1 fh=91d9f1c40f2b864c vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\13839_offer.exe" sh=67FE4CE966657EF2AEAF2F97E7384A5AFECA71A5 ft=1 fh=2267bd90a80c2083 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\14560_offer.exe" sh=E42C2B77EF4851D8FDADB5B8AD148D1E444F081C ft=1 fh=c41f41d98379cb14 vn="Variante von Win32/Adware.Gertokr.B Anwendung" 
ac=I fn="C:\Users\Fabian\AppData\Local\Temp\17077_offer.exe" sh=045C6B45383A4F1E14C26DD118EC86244E775C9E ft=1 fh=248a6cb89cf935b6 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\17131_offer.exe" sh=29144B8B1F276B9172131DB44EE195DECCD4A7EC ft=1 fh=e8aa19d7a5997cec vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\17516_offer.exe" sh=C80B98A5B4615A93730B7795F0076E119BA19384 ft=1 fh=c0f74118e4de6858 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\17831_offer.exe" sh=EB8DFB57FEA5DE5A15548A41A98BF209CD4C270E ft=1 fh=78975c6a33aeaf66 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\18199_offer.exe" sh=21E149F73C36E639197F85C3DED6BCC27519F462 ft=1 fh=75af3efcbd102a92 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\19345_offer.exe" sh=284C8D654A5A9B87373BB85F3C99CAC78922EB8E ft=1 fh=31cb5a70819503b8 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\20063_offer.exe" sh=30E2C29AD991AA716EBB60C1F23960D3EEA68930 ft=1 fh=1a4e48b730db6611 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\20391_offer.exe" sh=C39EC8DF053BB90A10521686E38C0FFE0819DA18 ft=1 fh=c402211557ea4280 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\21189_offer.exe" sh=73A535375FF1639A10CDFAC9AA2566A9C24E4F7B ft=1 fh=7715146bebde1ecb vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\21223_offer.exe" sh=337E098A3B11A6554D43627365E649D7FA9E9105 ft=1 fh=f6c3da63a603d016 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\24385_offer.exe" sh=DE4E98EC16B5A7CCA6906CFC4C97CCECB63B179E ft=1 fh=2a88e4d88628a505 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I 
fn="C:\Users\Fabian\AppData\Local\Temp\24517_offer.exe" sh=75BDC8F1B3F705B53A6D3B27E29D74E71761B888 ft=1 fh=f4a47a0fd631f29a vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\26196_offer.exe" sh=BD96C4665D1F6935CDD73E83E6CCF9F4B7AD9E39 ft=1 fh=13c6809f5dc061eb vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\28086_offer.exe" sh=C34140D371EAA5BD3CA4DDD84841E37FAD2A1F34 ft=1 fh=9013efb029b2d3e4 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\28629_offer.exe" sh=804315F14731F0FB73C09BDDF92B2B593640BE5C ft=1 fh=93bb9cff6929d5f3 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\2963_offer.exe" sh=B60EDCEC09822E1BDB7FBA073C4002CFC37C7D02 ft=1 fh=bf3a5240ca81d637 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\30789_offer.exe" sh=CB6450AAAEF618500EAE03D0B67730696D42EEF5 ft=1 fh=0fc8fb2361914241 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\30835_offer.exe" sh=ADA0AD00FA8AEE7A9D1FC2B48BB8D97EB1AB71B3 ft=1 fh=6f12f79a8ac94485 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\31155_offer.exe" sh=BC7398A75C282D575358D61FB2A163A1247011DB ft=1 fh=9b4656d67806d6e7 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\31441_offer.exe" sh=52093D46AE0A1561CDE2D059DC047904ED0037C4 ft=1 fh=d861b62d925e6a6f vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\31986_offer.exe" sh=4D8783A5F9DF3FDBE1840240636046EE21CB6379 ft=1 fh=2d75e8848b0b2eb2 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\32199_offer.exe" sh=3431D0A5D3822C0EBBCA8FEE5CBDC94EB84B40E5 ft=1 fh=62bb025f1385da75 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I 
fn="C:\Users\Fabian\AppData\Local\Temp\32662_offer.exe" sh=F868319F0AAF947C98AD6FE5377DFF5FFA08862F ft=1 fh=4d0a489d759e6f7b vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\3597_offer.exe" sh=2A9288407F0AA89D3243E928172E9028453359AD ft=1 fh=5910be391f643bf5 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\6158_offer.exe" sh=AD0114078B81DA413B931363A5359AB655C3B8AC ft=1 fh=76c5779746eda2eb vn="Variante von Win32/Adware.iBryte.BY Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\72A8.tmp" sh=F98648E478C50EF0B674C401D9F69B087B3560B2 ft=1 fh=6083ad26f3e60148 vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\8966_offer.exe" sh=AAFF76A663A0BA03542D1F909D73A2E116781870 ft=1 fh=de72d1e0db654eeb vn="Variante von Win32/Adware.Gertokr.B Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\9957_offer.exe" sh=73E04CF27E45D649C473CFC365C208DE119E05B0 ft=1 fh=5222b57c8faf5395 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\ICReinstall_nsi4D18.tmp" sh=BC65A96FC5DD0564B787D8010CB149D20B03FB14 ft=1 fh=0aa720238faf5395 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\ICReinstall_nso8826.tmp" sh=BC65A96FC5DD0564B787D8010CB149D20B03FB14 ft=1 fh=0aa720238faf5395 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\nso8826.tmp" sh=61445CF141ED133F87389743CD88AB1CCB9E3772 ft=1 fh=7907f7fc610451a2 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\DMR\dmr_72.exe" sh=087B0838841B3465FD858DCE34A86532649E3A59 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Users\Fabian\AppData\Roaming\Skype\My Skype Received Files\Injectorrr.rar" sh=144CE9824988AB4F9FAFF798DB5EE8B79E5F8A24 ft=1 fh=a0963d458e4684d0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fabian\Downloads\OpenOffice - CHIP-Installer.exe" sh=95B785C6D5465575F2B951FC5E31890B84D1FAA9 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\3cc77.msi" sh=6BF1349A0DECE8EBF8807F630EF27E1A828C21AA ft=1 fh=f497540a3804d4f9 vn="Variante von Win32/Adware.Gertokr.E Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\cryptoDrvUpdate[1]" Code:
ATTFilter Results of screen317's Security Check version 1.002 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpyHunter 4 Java 8 Update 31 Java version 32-bit out of Date! Google Chrome (43.0.2357.124) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe Kaspersky Lab Kaspersky Internet Security 15.0.0 plugin-nm-server.exe Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Fabian (administrator) on MSI-LAPTOP on 18-06-2015 20:39:54 Running from C:\Users\Fabian\Desktop Loaded Profiles: Fabian (Available Profiles: Fabian & andyh_000) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) 
C:\Windows\splwow64.exe (Aeria Games & Entertainment) D:\Area ignite\aeriaignite.exe (Akamai Technologies, Inc.) C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe (Valve Corporation) D:\steam\Steam.exe (Valve Corporation) D:\steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-10-27] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2014-10-27] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408744 2014-01-02] (MSI) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1562504 2013-05-02] (Micro-Star International Co., Ltd.) HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink) HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.) HKLM-x32\...\Run: [Aeria Ignite] => D:\Area ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-3181750377-55683798-1376771009-1001\...\MountPoints2: {b0c24991-98b6-11e4-826f-448a5bef406e} - "F:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-10-28] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-3181750377-55683798-1376771009-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3181750377-55683798-1376771009-1001 -> {E8131295-A219-43E2-BC5C-0A413E43F7FC} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-24] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-24] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\..\Interfaces\{0F1611EC-4C06-41DD-831C-69825A095822}: [NameServer] 192.168.178.201,192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files 
(x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-24] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-24] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-24] FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17] CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-30] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-14] CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-02] (BitRaider, LLC) S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [69120 2013-10-22] () [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink) S2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2014-10-27] (ELAN Microelectronics Corp.) S2 MBAMScheduler; D:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; D:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) 
[File not signed] S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI) S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-10-27] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2014-10-27] (Advanced Micro Devices) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-02-22] (BitRaider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-13] () R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-12-24] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-12-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [554712 2014-10-27] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation ) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) 
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-18 19:04 - 2015-06-18 19:04 - 02870984 _____ (ESET) C:\Users\Fabian\Downloads\esetsmartinstaller_deu.exe 2015-06-18 19:04 - 2015-06-18 19:04 - 00000000 ____D C:\Program Files (x86)\ESET 2015-06-18 16:03 - 2015-06-18 16:03 - 00002329 _____ C:\Users\Fabian\Desktop\Chrome App Launcher.lnk 2015-06-18 16:03 - 2015-06-18 16:03 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-17 21:37 - 2015-06-18 20:39 - 00022417 _____ C:\Users\Fabian\Desktop\FRST.txt 2015-06-17 21:37 - 2015-06-17 21:38 - 00038573 _____ C:\Users\Fabian\Desktop\Addition.txt 2015-06-17 21:36 - 2015-06-17 21:36 - 00001593 _____ C:\Users\Fabian\Desktop\JRT.txt 2015-06-17 21:33 - 2015-06-16 17:10 - 02945901 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe 2015-06-17 21:29 - 2015-06-17 21:29 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MSI-LAPTOP-Windows-8.1-(64-bit).dat 2015-06-17 21:29 - 2015-06-17 21:29 - 00000000 ____D C:\RegBackup 2015-06-17 21:28 - 2015-06-17 21:28 - 00002903 _____ C:\Users\Fabian\Desktop\mbam.txt 2015-06-17 20:59 - 2015-06-17 20:59 - 00001056 _____ C:\Users\Fabian\Desktop\AdwCleaner[S1].txt 2015-06-17 20:58 - 2015-06-17 21:25 - 00136408 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-17 20:58 - 2015-06-17 20:58 - 00000641 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-17 20:58 - 2015-06-17 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-17 20:58 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-17 20:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-17 20:58 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-16 21:49 - 2015-06-16 21:49 - 00001740 _____ C:\Users\Fabian\Desktop\Echo of Soul.lnk 2015-06-16 21:49 - 2015-06-16 21:49 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-06-16 21:40 - 2015-06-16 21:50 - 00000000 ____D C:\Users\Fabian\EOS 2015-06-16 17:41 - 2015-06-16 17:41 - 00040497 _____ C:\Users\Fabian\Downloads\Addition.txt 2015-06-16 17:40 - 2015-06-18 20:39 - 00000000 ____D C:\FRST 2015-06-16 17:40 - 2015-06-16 17:41 - 00043360 _____ C:\Users\Fabian\Downloads\FRST.txt 2015-06-16 17:09 - 2015-06-16 17:10 - 02945901 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe 2015-06-16 17:09 - 2015-06-16 17:09 - 02109952 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe 2015-06-16 17:05 - 2015-06-17 20:54 - 00000000 ____D C:\AdwCleaner 2015-06-16 17:04 - 2015-06-16 17:04 - 02231296 _____ C:\Users\Fabian\Desktop\AdwCleaner_4.206.exe 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Enigma Software Group 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 ____D C:\sh4ldr 2015-06-13 16:21 - 2015-06-13 16:21 - 00000000 _____ C:\autoexec.bat 2015-06-13 16:20 - 2015-06-13 16:20 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2015-06-11 17:53 - 2015-06-11 17:53 - 00000000 ____D C:\Users\Fabian\AppData\Local\GWX 2015-06-11 16:18 - 2015-06-11 16:18 - 00512536 _____ (Aeria Games & 
Entertainment) C:\Users\Fabian\Downloads\echoofsoul_de_downloader.exe 2015-06-09 20:26 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-09 20:26 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-09 20:26 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-09 20:26 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-09 20:26 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-09 20:26 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-09 20:26 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-09 20:26 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-09 20:26 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-09 20:26 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-09 20:26 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-09 20:26 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-09 20:26 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-09 20:26 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-09 20:26 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-09 20:26 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-09 20:26 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-09 20:26 - 2015-05-23 03:14 - 00710144 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-09 20:26 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-09 20:26 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-09 20:26 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-09 20:26 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-09 20:26 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-09 20:26 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-09 20:26 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-09 20:26 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-09 20:26 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-09 20:26 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-06-09 20:26 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-09 20:26 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-09 20:26 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-09 20:26 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-09 20:26 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-09 20:26 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) 
C:\Windows\system32\Drivers\USBXHCI.SYS 2015-06-09 20:26 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll 2015-06-09 20:26 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll 2015-06-09 20:26 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2015-06-09 20:26 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2015-06-09 20:26 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll 2015-06-09 20:26 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-06-09 20:26 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-06-09 20:26 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2015-06-09 20:26 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2015-06-09 20:26 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2015-06-09 20:26 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2015-06-09 20:26 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2015-06-09 20:26 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-06-09 20:26 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2015-06-09 20:26 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2015-06-09 20:26 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2015-06-09 20:26 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2015-06-09 20:26 - 2015-04-01 03:45 - 00699392 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mssvp.dll 2015-06-09 20:26 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2015-06-09 20:26 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2015-06-09 20:25 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-09 20:25 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-06-09 20:25 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-06-09 20:25 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-06-09 20:25 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-09 20:25 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-09 20:25 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-09 20:25 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-06-09 20:25 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-06-09 20:25 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-05 13:56 - 2015-06-15 17:26 - 00000000 ____D C:\Users\Fabian\AppData\Local\nuclearthrone 2015-06-05 13:55 - 2015-06-05 13:55 - 00000202 _____ C:\Users\Fabian\Desktop\Nuclear Throne.url 2015-05-21 16:41 - 2015-05-21 16:41 - 00000805 _____ C:\Users\Fabian\Desktop\S4 League.lnk 2015-05-19 18:05 - 2015-05-19 18:05 - 00001526 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk 2015-05-19 18:05 - 2015-05-19 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-05-19 18:03 - 2015-05-19 18:03 - 03541664 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\aeria_ignite_install.exe 2015-05-19 
18:02 - 2015-05-19 18:02 - 00578584 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\s4league_us_downloader (8).exe 2015-05-19 18:02 - 2015-05-19 18:02 - 00578584 _____ (Aeria Games & Entertainment) C:\Users\Fabian\Downloads\s4league_us_downloader (7).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-18 20:07 - 2014-12-24 20:16 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-18 20:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru 2015-06-18 19:10 - 2015-01-02 20:58 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Skype 2015-06-18 17:59 - 2014-12-24 20:09 - 01778036 _____ C:\Windows\WindowsUpdate.log 2015-06-18 16:50 - 2014-12-24 20:19 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3181750377-55683798-1376771009-1001 2015-06-18 16:21 - 2014-12-25 19:24 - 00000000 ____D C:\Users\Fabian\AppData\Local\Akamai 2015-06-18 15:32 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2015-06-18 15:26 - 2014-12-24 20:15 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A39D28A4-299E-4E02-AC02-F935541E2DBA} 2015-06-18 15:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache 2015-06-17 21:26 - 2014-12-24 20:16 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-17 21:26 - 2014-12-24 20:15 - 00000000 ___RD C:\Users\Fabian\OneDrive 2015-06-17 21:26 - 2014-12-24 20:12 - 00192432 _____ C:\Users\Fabian\AppData\Local\BTServer.log 2015-06-17 21:25 - 2015-01-10 13:03 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Angry_Birds_Space 2015-06-17 21:25 - 2014-12-24 20:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-17 21:25 - 2014-03-18 10:54 - 01445600 _____ C:\Windows\PFRO.log 2015-06-17 21:25 - 2013-08-22 15:46 - 00034241 _____ C:\Windows\setupact.log 2015-06-17 21:25 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-17 
21:25 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-06-17 21:00 - 2014-04-30 18:36 - 00774900 _____ C:\Windows\system32\prfh0416.dat 2015-06-17 21:00 - 2014-04-30 18:36 - 00158494 _____ C:\Windows\system32\prfc0416.dat 2015-06-17 21:00 - 2014-04-30 18:11 - 00440760 _____ C:\Windows\system32\perfh014.dat 2015-06-17 21:00 - 2014-04-30 18:11 - 00076914 _____ C:\Windows\system32\perfc014.dat 2015-06-17 21:00 - 2014-04-30 17:02 - 00541792 _____ C:\Windows\system32\perfh008.dat 2015-06-17 21:00 - 2014-04-30 17:02 - 00088858 _____ C:\Windows\system32\perfc008.dat 2015-06-17 21:00 - 2014-04-30 16:55 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-06-17 21:00 - 2014-04-30 16:55 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-06-17 21:00 - 2014-03-18 11:03 - 03851932 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-16 21:40 - 2014-12-25 19:38 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2015-06-16 21:40 - 2014-12-24 20:11 - 00000000 ____D C:\Users\Fabian 2015-06-15 17:21 - 2014-12-24 20:43 - 00000001 _____ C:\Users\Public\Documents\dgc.txt 2015-06-15 17:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-06-11 19:51 - 2014-12-25 19:53 - 00000000 ____D C:\ProgramData\Aeria Games 2015-06-11 19:32 - 2014-12-24 21:28 - 00000000 ____D C:\Users\Fabian\AppData\Local\CrashDumps 2015-06-11 17:57 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2015-06-11 17:54 - 2015-01-02 20:58 - 00000000 ____D C:\ProgramData\Skype 2015-06-11 17:08 - 2015-01-24 15:58 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-11 17:05 - 2015-05-14 07:30 - 00837536 _____ C:\ProgramData\yvd_ie_se.exe 2015-06-11 17:05 - 2015-01-17 15:45 - 02032503 _____ C:\ProgramData\yvd_chrome_se.exe 2015-06-11 17:05 - 2015-01-17 15:45 - 01529534 _____ C:\ProgramData\yvd_firefox_se.exe 2015-06-11 17:05 - 2015-01-02 20:58 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-06-11 17:04 - 2013-08-22 15:44 - 00431968 _____ 
C:\Windows\system32\FNTCACHE.DAT 2015-06-11 17:01 - 2015-01-25 18:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-11 17:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 16:57 - 2014-12-24 21:49 - 00000000 ____D C:\Windows\system32\MRT 2015-06-11 16:49 - 2014-12-24 21:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-09 19:05 - 2015-04-08 12:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-09 19:05 - 2015-04-08 12:17 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-03 17:18 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-03 17:18 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-23 17:03 - 2015-04-30 18:27 - 00101376 ___SH C:\Users\Fabian\Desktop\Thumbs.db 2015-05-21 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF 2015-05-19 17:57 - 2014-12-25 20:49 - 00000000 ____D C:\Users\Fabian\Downloads\Gameforge Live ==================== Files in the root of some directories ======= 2014-12-24 20:12 - 2015-06-17 21:26 - 0192432 _____ () C:\Users\Fabian\AppData\Local\BTServer.log 2015-01-14 19:22 - 2015-01-14 19:22 - 0333312 _____ () C:\ProgramData\cryptoDrvUpdate.exe 2015-01-17 15:45 - 2015-06-11 17:05 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe 2015-01-17 15:45 - 2015-06-11 17:05 - 1529534 _____ () C:\ProgramData\yvd_firefox_se.exe 2015-05-14 07:30 - 2015-06-11 17:05 - 0837536 _____ () C:\ProgramData\yvd_ie_se.exe Files to move or delete: ==================== C:\ProgramData\cryptoDrvUpdate.exe C:\ProgramData\yvd_chrome_se.exe C:\ProgramData\yvd_firefox_se.exe C:\ProgramData\yvd_ie_se.exe Some files in TEMP: ==================== C:\Users\Fabian\AppData\Local\Temp\12212_offer.exe C:\Users\Fabian\AppData\Local\Temp\12235_offer.exe C:\Users\Fabian\AppData\Local\Temp\13839_offer.exe C:\Users\Fabian\AppData\Local\Temp\14560_offer.exe 
C:\Users\Fabian\AppData\Local\Temp\17077_offer.exe C:\Users\Fabian\AppData\Local\Temp\17131_offer.exe C:\Users\Fabian\AppData\Local\Temp\17516_offer.exe C:\Users\Fabian\AppData\Local\Temp\17831_offer.exe C:\Users\Fabian\AppData\Local\Temp\18199_offer.exe C:\Users\Fabian\AppData\Local\Temp\19345_offer.exe C:\Users\Fabian\AppData\Local\Temp\20063_offer.exe C:\Users\Fabian\AppData\Local\Temp\20391_offer.exe C:\Users\Fabian\AppData\Local\Temp\21189_offer.exe C:\Users\Fabian\AppData\Local\Temp\21223_offer.exe C:\Users\Fabian\AppData\Local\Temp\24385_offer.exe C:\Users\Fabian\AppData\Local\Temp\24517_offer.exe C:\Users\Fabian\AppData\Local\Temp\26196_offer.exe C:\Users\Fabian\AppData\Local\Temp\28086_offer.exe C:\Users\Fabian\AppData\Local\Temp\28629_offer.exe C:\Users\Fabian\AppData\Local\Temp\2963_offer.exe C:\Users\Fabian\AppData\Local\Temp\30789_offer.exe C:\Users\Fabian\AppData\Local\Temp\30835_offer.exe C:\Users\Fabian\AppData\Local\Temp\31155_offer.exe C:\Users\Fabian\AppData\Local\Temp\31441_offer.exe C:\Users\Fabian\AppData\Local\Temp\31986_offer.exe C:\Users\Fabian\AppData\Local\Temp\32199_offer.exe C:\Users\Fabian\AppData\Local\Temp\32662_offer.exe C:\Users\Fabian\AppData\Local\Temp\3597_offer.exe C:\Users\Fabian\AppData\Local\Temp\3a3e8f3f642f17fca02d85da3e6f8a34.dll C:\Users\Fabian\AppData\Local\Temp\53e50041d7a934ed4b5edb72a447ebb2.dll C:\Users\Fabian\AppData\Local\Temp\6158_offer.exe C:\Users\Fabian\AppData\Local\Temp\8966_offer.exe C:\Users\Fabian\AppData\Local\Temp\9957_offer.exe C:\Users\Fabian\AppData\Local\Temp\COMAP.EXE C:\Users\Fabian\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll C:\Users\Fabian\AppData\Local\Temp\fb1d5c12ab65a33663c67a42c8bf47b2.dll C:\Users\Fabian\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Fabian\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\Fabian\AppData\Local\Temp\jsonparser.dll C:\Users\Fabian\AppData\Local\Temp\ose00000.exe C:\Users\Fabian\AppData\Local\Temp\PrefJsonCpp.exe 
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe C:\Users\Fabian\AppData\Local\Temp\SkypeSetup.exe C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll C:\Users\Fabian\AppData\Local\Temp\sqlite3.exe C:\Users\Fabian\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_1976.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-17 21:18 ==================== End of log ============================ |
19.06.2015, 15:59 | #8 |
/// the machine /// TB trainer | Hidden hyperlinks to Stamplive Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\$Recycle.Bin\S-1-5-21-3181750377-55683798-1376771009-1001\$RYRCRB5.rar
C:\AdwCleaner\Quarantine\C\Program Files (x86)\cooolnciheaapp\YxVVmXKnV4h31J.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Loca\uninstall.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\niccenfree\Zs0DlNphcGIeLk.x64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OffferSaoLee\TuervfDDcGaPwM.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OffferSaoLee\TuervfDDcGaPwM.x64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\salleioFFfer\lckHaRS9nt8koN.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\salleioFFfer\lckHaRS9nt8koN.x64.dll.vir
C:\AdwCleaner\Quarantine\C\ProgramData\71b4680c00002b77\71b4680c00002b77.dll.vir
C:\AdwCleaner\Quarantine\C\Users\andyh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmllonaidjepimjdhjdcgodgekcmhop\165\content.js.vir
C:\AdwCleaner\Quarantine\C\Users\Fabian\AppData\Roaming\VOPackage\runasu.exe.vir
C:\AdwCleaner\Quarantine\C\Users\Fabian\AppData\Roaming\VOPackage\VOsrv.exe.vir
C:\ProgramData\cryptoDrvUpdate.exe
C:\Users\All Users\cryptoDrvUpdate.exe
C:\Users\Fabian\AppData\Local\Temp\12212_offer.exe
C:\Users\Fabian\AppData\Local\Temp\12235_offer.exe
C:\Users\Fabian\AppData\Local\Temp\13839_offer.exe
C:\Users\Fabian\AppData\Local\Temp\14560_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17077_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17131_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17516_offer.exe
C:\Users\Fabian\AppData\Local\Temp\17831_offer.exe
C:\Users\Fabian\AppData\Local\Temp\18199_offer.exe
C:\Users\Fabian\AppData\Local\Temp\19345_offer.exe
C:\Users\Fabian\AppData\Local\Temp\20063_offer.exe
C:\Users\Fabian\AppData\Local\Temp\20391_offer.exe
C:\Users\Fabian\AppData\Local\Temp\21189_offer.exe
C:\Users\Fabian\AppData\Local\Temp\21223_offer.exe
C:\Users\Fabian\AppData\Local\Temp\24385_offer.exe
C:\Users\Fabian\AppData\Local\Temp\24517_offer.exe
C:\Users\Fabian\AppData\Local\Temp\26196_offer.exe
C:\Users\Fabian\AppData\Local\Temp\28086_offer.exe
C:\Users\Fabian\AppData\Local\Temp\28629_offer.exe
C:\Users\Fabian\AppData\Local\Temp\2963_offer.exe
C:\Users\Fabian\AppData\Local\Temp\30789_offer.exe
C:\Users\Fabian\AppData\Local\Temp\30835_offer.exe
C:\Users\Fabian\AppData\Local\Temp\31155_offer.exe
C:\Users\Fabian\AppData\Local\Temp\31441_offer.exe
C:\Users\Fabian\AppData\Local\Temp\31986_offer.exe
C:\Users\Fabian\AppData\Local\Temp\32199_offer.exe
C:\Users\Fabian\AppData\Local\Temp\32662_offer.exe
C:\Users\Fabian\AppData\Local\Temp\3597_offer.exe
C:\Users\Fabian\AppData\Local\Temp\6158_offer.exe
C:\Users\Fabian\AppData\Local\Temp\72A8.tmp
C:\Users\Fabian\AppData\Local\Temp\8966_offer.exe
C:\Users\Fabian\AppData\Local\Temp\9957_offer.exe
C:\Users\Fabian\AppData\Local\Temp\ICReinstall_nsi4D18.tmp
C:\Users\Fabian\AppData\Local\Temp\ICReinstall_nso8826.tmp
C:\Users\Fabian\AppData\Local\Temp\nso8826.tmp
C:\Users\Fabian\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Fabian\AppData\Roaming\Skype\My Skype Received Files\Injectorrr.rar
C:\Users\Fabian\Downloads\OpenOffice - CHIP-Installer.exe
C:\Windows\Installer\3cc77.msi
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\cryptoDrvUpdate[1]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de Cleanup: (The order is crucial here.) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
Have all logs been posted? Then please download DelFix.
Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Afterwards, restart your computer. If any programs from our cleanup are still left over, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |