Pests of all kinds and how to fight them: Browser locked by "Interpol" message with Paysafe payment demand (Windows 7)
24.06.2015, 11:57 | #1 |
Browser locked by "Interpol" message with Paysafe payment demand

Hello, I have just now, for the second time within a few days, had this page where a huge block of text appears and supposedly Interpol locks my system and the like, and I am supposed to pay something via Paysafe. I killed Internet Explorer IMMEDIATELY. Opening IE again shows that I have normal access, yet this message that was displayed must have come from somewhere. For now I have deleted cookies, browsing history and so on.

About my security setup: Emsisoft Internet Security and the Avira real-time scanner are running on my system. I use Spybot fairly regularly for a manual scan. Firefox runs without problems, and of course I don't want to simply shut the system down now without warning.

First I ran a scan with Spybot, which produced the following: see funde.jpg.

The scan with FRST (run from within the running system, the file is on the desktop) produced the following:

FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01 Ran by Andreas (administrator) on ANDREAS-PC on 24-06-2015 12:48:02 Running from C:\Users\Andreas\Desktop Loaded Profiles: Andreas (Available Profiles: Andreas) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\System32\nvwmi64.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\System32\nvwmi64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Safer-Networking Ltd.) C:\Progs\Spybot\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Games\Steam\Steam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Safer-Networking Ltd.) 
C:\Progs\Spybot\SDTray.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Valve Corporation) C:\Games\Steam\bin\steamwebhelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Mozilla Corporation) C:\Progs\Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Mozilla Corporation) C:\Progs\Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-07-02] () HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-07-02] (NVIDIA Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Progs\Spybot\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [DivXMediaServer] => C:\Progs\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-553557714-400677296-996515237-1000\...\Run: [Steam] => C:\Games\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation) HKU\S-1-5-21-553557714-400677296-996515237-1000\...\MountPoints2: {ae0f8148-20a2-11e4-b44b-806e6f6e6963} - E:\autorun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation) Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk [2014-08-12] ShortcutTarget: Steam.lnk -> C:\Games\Steam\Steam.exe (Valve Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-553557714-400677296-996515237-1000] => localhost:8080 HKU\S-1-5-21-553557714-400677296-996515237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ighome.com/ HKU\S-1-5-21-553557714-400677296-996515237-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.) Toolbar: HKU\S-1-5-21-553557714-400677296-996515237-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.) 
Tcpip\Parameters: [DhcpNameServer] 83.169.186.33 83.169.186.97 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\uptpn3eq.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-11] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-553557714-400677296-996515237-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-20] () Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-11] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-07-02] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-09-09] () S3 SDScannerService; C:\Progs\Spybot\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Progs\Spybot\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S3 SDWSCService; C:\Progs\Spybot\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 SkypeUpdate; C:\Progs\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [491632 2015-01-01] () R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] () R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299352 2014-07-02] (NVIDIA Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-24 12:48 - 2015-06-24 12:48 - 00011388 _____ C:\Users\Andreas\Desktop\FRST.txt 2015-06-24 12:45 - 2015-06-24 12:48 - 00000000 ____D C:\FRST 2015-06-10 17:03 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-10 17:03 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-06-10 17:03 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-06-10 17:03 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00503808 _____ (Microsoft 
Corporation) C:\Windows\system32\srcore.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-10 17:03 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-10 17:03 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-10 17:03 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) 
C:\Windows\system32\tracerpt.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-10 17:03 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-10 17:03 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-10 17:03 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-10 17:03 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-10 17:03 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00004608 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-10 17:03 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-10 17:03 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00551424 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-10 17:03 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-10 17:03 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-10 17:03 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-10 17:03 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-06-10 17:03 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-10 17:03 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-10 17:03 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-10 17:03 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-10 17:03 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\kernel32.dll 2015-06-10 17:03 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-10 17:03 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-06-10 17:03 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-10 17:03 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-10 17:03 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-10 17:03 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-10 17:03 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-10 17:03 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 17:03 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 17:03 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 17:03 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 17:03 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 17:03 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 17:03 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 17:03 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 17:03 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 17:03 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 17:03 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 17:03 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 
2015-06-10 17:03 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 17:03 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 17:03 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 17:03 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 17:03 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 17:03 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 17:03 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 17:03 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 17:02 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 17:02 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 17:02 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 17:02 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-10 17:02 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 17:02 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 17:02 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 17:02 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 17:02 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 17:02 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 17:02 - 2015-05-23 05:13 - 00064000 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 17:02 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 17:02 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 17:02 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 17:02 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 17:02 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 17:02 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 17:02 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 17:02 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 17:02 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 17:02 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 17:02 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 17:02 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 17:02 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 17:02 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 17:02 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 17:02 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 17:02 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 17:02 - 2015-05-23 04:20 - 01950720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 17:02 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 17:02 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 17:02 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 17:02 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 17:02 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 17:02 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 17:02 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 17:02 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 17:02 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 17:02 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 17:02 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 17:02 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 17:02 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 17:02 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 17:02 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 17:02 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 17:02 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 17:02 - 2015-05-22 20:47 - 00114688 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 17:02 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 17:02 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 17:02 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 17:02 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 17:02 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 17:02 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 17:02 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 17:02 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 17:02 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 17:02 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 17:02 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 17:02 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 17:02 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 17:02 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 17:02 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 17:02 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 17:02 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-08 16:30 - 2015-06-15 14:50 - 
00011331 _____ C:\Users\Andreas\Desktop\Post Garrison Deck.odt 2015-06-01 07:46 - 2015-06-01 07:46 - 00000000 ____D C:\Users\Andreas\AppData\Local\GWX 2015-05-29 20:06 - 2015-05-29 20:06 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\The Dark Mod.lnk 2015-05-25 13:43 - 2015-05-25 13:43 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx5e76 2015-05-25 13:43 - 2015-05-25 13:43 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx4fcd 2015-05-25 13:41 - 2015-05-25 13:42 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\avidemux 2015-05-25 13:36 - 2015-05-25 13:36 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx374c 2015-05-25 13:35 - 2015-05-25 13:35 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx47bf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-24 12:48 - 2015-04-05 18:46 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security 2015-06-24 12:43 - 2014-08-10 16:52 - 01223612 _____ C:\Windows\WindowsUpdate.log 2015-06-24 12:30 - 2014-08-12 08:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-24 12:28 - 2014-10-02 11:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-24 10:58 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-24 10:58 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-24 10:48 - 2014-08-12 08:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-24 10:47 - 2015-02-08 02:00 - 00016139 _____ C:\Windows\setupact.log 2015-06-24 10:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-21 18:13 - 2014-08-11 15:28 - 00000000 ____D C:\Users\Andreas\AppData\Local\Battle.net 2015-06-19 14:18 - 2014-08-11 16:22 - 00001468 _____ 
C:\Users\Andreas\Sti_Trace.log 2015-06-15 07:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-12 23:13 - 2014-08-11 15:38 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Skype 2015-06-12 21:44 - 2014-08-11 15:38 - 00000000 ____D C:\ProgramData\Skype 2015-06-12 21:32 - 2014-08-11 14:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-06-12 19:09 - 2014-08-11 02:46 - 00699340 _____ C:\Windows\system32\perfh007.dat 2015-06-12 19:09 - 2014-08-11 02:46 - 00149448 _____ C:\Windows\system32\perfc007.dat 2015-06-12 19:09 - 2009-07-14 07:13 - 01619272 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-12 19:06 - 2014-11-08 18:10 - 00000000 ____D C:\Backup 2015-06-11 17:48 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-11 15:18 - 2014-10-02 11:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-11 15:18 - 2014-08-18 15:20 - 00000000 ____D C:\Users\Andreas\AppData\Local\Adobe 2015-06-11 15:18 - 2014-08-11 07:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-11 15:18 - 2014-08-11 07:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-11 15:18 - 2014-08-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 15:17 - 2014-08-10 20:38 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 15:17 - 2014-08-10 20:38 - 00132656 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-11 15:06 - 2014-08-10 20:36 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 15:06 - 2010-11-21 05:47 - 00325766 _____ C:\Windows\PFRO.log 2015-06-11 07:35 - 2014-11-12 19:12 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieBrowserModeList 2015-06-11 07:35 - 2014-08-10 19:46 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieUserList 2015-06-11 07:35 - 2014-08-10 19:46 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieSiteList 2015-06-11 07:15 - 2014-08-10 20:36 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-11 07:15 - 2014-08-10 20:36 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-11 07:12 - 2009-07-14 06:45 - 00294640 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 07:10 - 2015-04-15 16:47 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 07:10 - 2015-04-15 16:47 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 07:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-10 22:37 - 2014-08-10 19:30 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 22:35 - 2014-08-10 19:30 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 17:17 - 2014-09-04 01:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-03 07:18 - 2014-08-10 20:27 - 00000000 ____D C:\Progs 2015-05-29 19:34 - 2014-08-11 15:08 - 00000000 ____D C:\Games 2015-05-25 13:53 - 2014-08-11 15:34 - 00000000 ____D C:\Program Files (x86)\DivX 2015-05-25 13:53 - 2014-08-11 15:30 - 00000000 ____D C:\ProgramData\DivX 2015-05-25 13:52 - 2015-05-16 15:04 - 00000000 ____D C:\Program Files (x86)\Xvid 2015-05-25 13:35 - 2014-08-11 15:34 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\DivX ==================== Files in the root of some directories ======= 2014-12-13 20:40 - 2014-12-13 20:40 - 0000001 _____ () C:\Users\Andreas\AppData\Local\llftool.4.40.agreement 2014-08-13 06:29 - 2014-08-13 06:29 - 0007226 _____ () 
C:\Users\Andreas\AppData\Local\recently-used.xbel 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx0620 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx286d 2015-05-25 13:36 - 2015-05-25 13:36 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx374c 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx4665 2015-05-25 13:35 - 2015-05-25 13:35 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx47bf 2015-05-25 13:43 - 2015-05-25 13:43 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx4fcd 2015-05-25 13:43 - 2015-05-25 13:43 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx5e76 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx97c1 Some files in TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-23 11:08 ==================== End of log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Andreas at 2015-06-24 12:48:22
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-553557714-400677296-996515237-500 - Administrator - Disabled)
Andreas (S-1-5-21-553557714-400677296-996515237-1000 - Administrator - Enabled) => C:\Users\Andreas
Gast (S-1-5-21-553557714-400677296-996515237-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-553557714-400677296-996515237-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Internet Security (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Emsisoft Internet Security (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Emsisoft Internet Security (Enabled) {177F60DC-CF64-1D22-2509-421BF4ED67B2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Among Ripples (HKLM-x32\...\Steam App 341720) (Version: - Eat Create Sleep) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Black Ink (HKLM-x32\...\Steam App 233680) (Version: - Bleank) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version: - EA Los Angeles) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) Construct 2 Free (HKLM-x32\...\Steam App 227240) (Version: - Scirra) ContentMod2.6.3 (HKLM-x32\...\ContentMod_2.6.3) (Version: - ) Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment) Destination Sol (HKLM-x32\...\Steam App 342980) (Version: - Milosh Petrov) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) Emsisoft Internet Security 
(HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version: - YoYo Games Ltd.) GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 3.3 - 1 und 1 Internet AG) GMX SMS-Manager (x32 Version: 3.3 - 1 und 1 Internet AG) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Gothic 3 (HKLM-x32\...\GOGPACKGOTHIC3_is1) (Version: 2.0.0.16 - GOG.com) Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve) Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor) Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version: - Valve) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - ) Mafia II (HKLM-x32\...\Steam App 
50130) (Version: - 2K Czech) Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games) Medal of Honor: Airborne (HKLM-x32\...\Steam App 24840) (Version: - EA Los Angeles) Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Might & Magic: Heroes VI (HKLM-x32\...\Steam App 
48220) (Version: - Blackhole) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation) Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version: - Haemimont Games) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) OpenRA (HKLM-x32\...\OpenRA) (Version: - OpenRA developers) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.) Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce) Red Faction: Guerrilla Steam Edition (HKLM-x32\...\Steam App 20500) (Version: - Volition) S.T.A.L.K.E.R.: Lost Alpha version 1.3.0 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0 - dezowave) Sacred 2 Gold (HKLM-x32\...\1207665233_is1) (Version: 2.0.0.6 - GOG.com) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version: - Rebellion) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Substance Painter version 1.1.0 (HKLM\...\{410F5B6E-A29C-4F43-9DE3-44A1357D6AF5}_is1) (Version: 1.1.0 - Allegorithmic) SUPER © v2014.build.63+Recorder (2014/11/27) Version v2014.buil (HKLM-x32\...\{8E2A19E2-96BF-8659-4DA7-5C06C90719A4}_is1) (Version: v2014.build.63+Recorder - eRightSoft) Survarium (HKLM-x32\...\Steam App 355840) (Version: - Vostok Games) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) TSR Watermark Image software version 3.3.2.7 (HKLM-x32\...\TSR Watermark Image_is1) (Version: 3.3.2.7 - TSR Software) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) waterMark V2 (HKLM-x32\...\waterMark V2) (Version: - ) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version: - Noble Empire Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {5F81873B-2B3B-4397-8516-8B1EBDAEA046} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {66978403-9870-4A5E-AA4F-7A70DE19186F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {87E5C4A3-5CF0-4150-BAEE-28DEE593F6D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated) Task: {9BF86382-2840-444E-9795-FC3759080064} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.) Task: {FDD1E98D-58E4-401F-BD32-2C1A81375AD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-10 19:39 - 2014-07-02 22:48 - 02683736 _____ () C:\Windows\system32\nvwmi64.exe
2014-08-10 19:38 - 2014-07-02 22:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-10 18:00 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-09 18:06 - 2014-09-09 18:06 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-10 18:00 - 2014-07-02 22:48 - 00711456 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2014-08-10 17:55 - 2013-02-22 21:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-11 14:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Progs\Spybot\snlThirdParty150.bpl
2014-08-11 14:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Progs\Spybot\DEC150.bpl
2014-08-11 14:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Progs\Spybot\snlFileFormats150.bpl
2014-08-10 19:38 - 2014-07-02 22:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-05-16 10:05 - 2015-04-16 19:40 - 00776192 _____ () C:\Games\Steam\SDL2.dll
2015-05-16 10:05 - 2015-04-23 04:16 - 04962816 _____ () C:\Games\Steam\v8.dll
2015-05-16 10:05 - 2015-04-23 04:16 - 01556992 _____ () C:\Games\Steam\icui18n.dll
2015-05-16 10:05 - 2015-04-23 04:16 - 01187840 _____ () C:\Games\Steam\icuuc.dll
2015-05-16 10:05 - 2015-06-04 20:56 - 02407104 _____ () C:\Games\Steam\video.dll
2014-08-29 10:23 - 2014-12-01 23:31 - 02396672 _____ () C:\Games\Steam\libavcodec-56.dll
2014-08-29 10:23 - 2014-12-01 23:31 - 00442880 _____ () C:\Games\Steam\libavutil-54.dll
2014-08-29 10:23 - 2014-12-01 23:31 - 00479744 _____ () C:\Games\Steam\libavformat-56.dll
2014-08-29 10:23 - 2014-12-01 23:31 - 00332800 _____ () C:\Games\Steam\libavresample-2.dll
2014-08-29 10:23 - 2014-12-01 23:31 - 00485888 _____ () C:\Games\Steam\libswscale-3.dll
2015-05-16 10:05 - 2015-06-04 20:56 - 00703168 _____ () C:\Games\Steam\bin\chromehtml.DLL
2014-08-11 16:25 - 2015-05-11 21:01 - 36302728 _____ () C:\Games\Steam\bin\libcef.dll
2014-10-15 16:36 - 2014-10-15 16:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2014-08-10 17:25 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-11 15:18 - 2015-06-11 15:18 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-553557714-400677296-996515237-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 83.169.186.33 - 83.169.186.97 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{9D16D3AE-6500-47F7-8FFC-C5B57FDD737B}] => (Allow) C:\Progs\Skype\Phone\Skype.exe FirewallRules: [{AE80E477-FB90-4794-A119-7816F5DB6963}] => (Allow) C:\Games\Steam\Steam.exe FirewallRules: [{60ED972D-A0C9-4388-A067-40D707521AB5}] => (Allow) C:\Games\Steam\Steam.exe FirewallRules: [{C2C8F056-B3C6-463F-B1D8-23131C91F1D4}] => (Allow) C:\Games\Steam\SteamApps\common\Mafia II\pc\mafia2.exe FirewallRules: [{7B33A923-68A3-45F2-9D37-40A68A8C08B1}] => (Allow) C:\Games\Steam\SteamApps\common\Mafia II\pc\mafia2.exe FirewallRules: [{DDD7A17C-A274-4264-B001-386B900CC926}] => (Allow) C:\Games\Steam\SteamApps\common\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe FirewallRules: [{0F0DB84C-AFCE-44A0-AB40-21297C488954}] => (Allow) C:\Games\Steam\SteamApps\common\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe FirewallRules: [{85F7BB15-4516-426F-B685-16EC6600CAE6}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{39334DA7-CFE8-429B-89DC-AE29E6093AE9}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{6AA21959-707B-46EB-98AD-5249CF742CE3}] => (Allow) C:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{C7C9B337-4428-473A-8979-6E3BEB5CAEA9}] => (Allow) C:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: 
[{978C9136-24B5-4A09-9A60-EC6980BD56DE}] => (Allow) C:\Games\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe FirewallRules: [{1853BCEF-A790-40E9-9749-F1CA199A1A2C}] => (Allow) C:\Games\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe FirewallRules: [{0FA28962-E229-42CE-AB93-2D86F98D6F67}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2014\DotP_D14.exe FirewallRules: [{FA2E5997-75B3-4237-8A27-465273136B61}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2014\DotP_D14.exe FirewallRules: [{6F24AFBD-D7C6-4CC7-8821-42182BBF9D1D}] => (Allow) C:\Games\Steam\SteamApps\common\Endless Space\EndlessSpace.exe FirewallRules: [{81E3265A-9EE9-4AE1-A47D-B1DAB20FD255}] => (Allow) C:\Games\Steam\SteamApps\common\Endless Space\EndlessSpace.exe FirewallRules: [{8060D57C-62CA-4186-8B47-1F4A46D42841}] => (Allow) C:\Games\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{0AE3DB32-F57A-436E-934E-7B19BA8CA761}] => (Allow) C:\Games\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{63D70C5F-C214-40B3-A43C-60826D522579}] => (Allow) C:\Games\Steam\SteamApps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{25965F58-9303-4647-A361-FEC3B059D89F}] => (Allow) C:\Games\Steam\SteamApps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{71E5F1B2-5EB8-4EEB-9FA1-61D3A8BB0763}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe FirewallRules: [{C13FE6A4-0CC1-4F0D-8B7A-3F5AADD4066A}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe FirewallRules: [{87172226-96B3-4E45-A6E3-1F1376AEC81C}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe FirewallRules: [{F33AB79E-FC1B-4428-88E0-ECFD32584B08}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe FirewallRules: [{79E4AA60-A8ED-496F-A888-17C73D94E620}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe 
FirewallRules: [{67F1BEF9-85BA-455D-B0B7-9A54D9EE835D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F9140FBF-0BF2-451F-A460-10A0CD1905FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{F2BD274A-928A-4301-BF1B-AB4ED4B3B650}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{770BB249-4A45-4AD6-8BF6-01D75B3237B2}] => (Allow) C:\Games\Steam\SteamApps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe FirewallRules: [{CB5E9D61-7C66-4ACA-AA23-4E146DECEC7F}] => (Allow) C:\Games\Steam\SteamApps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe FirewallRules: [{5D62F047-8B12-4E67-B54A-33ED1502CAA1}] => (Allow) C:\Games\Steam\SteamApps\common\Metro Last Light\MetroLL.exe FirewallRules: [{20B388AA-8A78-4877-B6AB-AE2293373F25}] => (Allow) C:\Games\Steam\SteamApps\common\Metro Last Light\MetroLL.exe FirewallRules: [{64C1F4EE-AACF-4BCE-BC81-3525B574B384}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe FirewallRules: [{E1814B47-40FD-46B6-8F08-7DD81ADF10B5}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe FirewallRules: [{EE7605E4-53E6-4870-A243-5E8D4FA58722}] => (Allow) C:\Games\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{4420D380-784A-4D7A-8BFF-A8E7BFB0AFD5}] => (Allow) C:\Games\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{6B4377C8-229F-4789-913C-6EB0A8353BCA}] => (Allow) C:\Games\Steam\SteamApps\common\Omerta\OmertaSteam.exe FirewallRules: [{9331D8DE-CFFF-4AAA-8249-20D13E5214B2}] => (Allow) C:\Games\Steam\SteamApps\common\Omerta\OmertaSteam.exe FirewallRules: [{820DE263-E567-4E5D-9E49-B79E7E6CCF7A}] => (Allow) C:\Games\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{682F0E84-C091-4FDE-B284-7A32B5205FD8}] => (Allow) C:\Games\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{4A61BD23-93C4-4D88-8597-C5CD9FA385D7}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe 
FirewallRules: [{0ADDFA15-BF27-443F-B363-2C0865E91536}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe FirewallRules: [{47CF54EA-545E-4E16-B04B-42EB62B64062}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe FirewallRules: [{EBAAF277-21B0-496C-8869-32917FDF212B}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe FirewallRules: [{62E0D317-BFEC-453F-99CC-C3C326F6EBAB}] => (Allow) C:\Progs\Firefox\firefox.exe FirewallRules: [{BC82C522-E6FF-43A0-85A0-6850992B4318}] => (Allow) C:\Progs\Firefox\firefox.exe FirewallRules: [{7FF06637-B5A4-4639-9583-F4E9751F689C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{4F434294-FDE7-4AEF-93B2-3E0E9D7E969D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{DFB1EFD2-D7EF-456F-B50D-3B38BF909B5D}] => (Allow) C:\Games\Steam\SteamApps\common\AmongRipples\AmongRipples.exe FirewallRules: [{F0C545D5-A15C-46EB-962C-7EA056138BE7}] => (Allow) C:\Games\Steam\SteamApps\common\AmongRipples\AmongRipples.exe FirewallRules: [{88CAD451-18AC-4381-BEEF-FE7880F6F1C8}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe FirewallRules: [{C98EE5C5-2FC8-4864-BF96-746068358FCF}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe FirewallRules: [{0D531CAC-381F-4C61-AA4A-18E9D9C93C45}] => (Allow) C:\Games\Steam\SteamApps\common\Destination Sol\sol.exe FirewallRules: [{57161407-13E3-45E8-AA8A-BC0F27BD0874}] => (Allow) C:\Games\Steam\SteamApps\common\Destination Sol\sol.exe FirewallRules: [{489ADC96-4BE5-4BB5-9DAC-B2E1EF2F6A5A}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{FF8AD27E-7699-4AE1-A4D6-859E8F0FC46B}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [TCP Query 
User{4E1CFD49-695D-4703-BCA7-7FB9C9EFDCF2}C:\progs\firefox\firefox.exe] => (Block) C:\progs\firefox\firefox.exe FirewallRules: [UDP Query User{0E360271-221A-4F0C-8187-957C859AED73}C:\progs\firefox\firefox.exe] => (Block) C:\progs\firefox\firefox.exe FirewallRules: [{CD8A6828-E76D-40A0-B9E8-1DAA7C32747E}] => (Allow) C:\Games\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe FirewallRules: [{DD732C0C-669C-4797-BF36-BEED4674AC2B}] => (Allow) C:\Games\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe FirewallRules: [{941F1825-EBD1-4E08-949F-CE1F561C1B41}] => (Allow) C:\Games\Steam\SteamApps\common\Black Ink\BlackInk.exe FirewallRules: [{EA833634-1859-47EF-9712-3057C1CEFACE}] => (Allow) C:\Games\Steam\SteamApps\common\Black Ink\BlackInk.exe FirewallRules: [{31C6242B-8CDE-4B2E-99AF-A0A6026688B2}] => (Allow) C:\Games\Steam\SteamApps\common\Construct2\Construct2.exe FirewallRules: [{098258B3-0078-428E-B028-26F4BCCD30C6}] => (Allow) C:\Games\Steam\SteamApps\common\Construct2\Construct2.exe FirewallRules: [{C455ECA4-2104-4E17-A5CA-16946EAA08F6}] => (Allow) C:\Games\Steam\SteamApps\common\WOG\disasm.exe FirewallRules: [{E516DFB9-11D7-4A84-897B-F3ED0A494A4D}] => (Allow) C:\Games\Steam\SteamApps\common\WOG\disasm.exe FirewallRules: [{7E470058-32C2-427D-BFDD-C14BD6087854}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe FirewallRules: [{4573B9A2-13C0-43EA-BE28-2C2EF9F905B2}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe FirewallRules: [TCP Query User{99733366-84B8-49B0-AB3B-0B57629EFB8E}C:\games\diablo iii\diablo iii.exe] => (Block) C:\games\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{F61E5930-7DD8-42D5-A2E5-AB85296D33F1}C:\games\diablo iii\diablo iii.exe] => (Block) C:\games\diablo iii\diablo iii.exe StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDFSSvc.exe] => 
Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/24/2015 10:49:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 07:10:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 10:39:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 06:10:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 02:25:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 09:40:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/21/2015 01:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2015 08:37:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2015 07:44:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 6624. Message ID: [0x2509]. Error: (06/19/2015 07:43:04 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8168. Message ID: [0x2509]. System errors: ============= Error: (06/23/2015 06:09:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. Error: (06/23/2015 06:09:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. 
Error: (06/23/2015 06:09:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. Error: (06/23/2015 06:09:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. Error: (06/23/2015 06:08:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/23/2015 06:08:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/23/2015 03:46:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/23/2015 03:46:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/23/2015 03:45:59 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (06/23/2015 03:45:59 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. 
Microsoft Office: ========================= Error: (06/24/2015 10:49:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 07:10:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 10:39:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 06:10:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 02:25:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 09:40:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/21/2015 01:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2015 08:37:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (06/19/2015 07:44:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 6624. Message ID: [0x2509]. Error: (06/19/2015 07:43:04 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8168. Message ID: [0x2509]. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2960XM CPU @ 2.70GHz Percentage of memory in use: 20% Total physical RAM: 16265.05 MB Available physical RAM: 12988.38 MB Total Pagefile: 32528.31 MB Available Pagefile: 28617.92 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:172.33 GB) NTFS Drive d: (BACKUP) (Fixed) (Total:682.44 GB) (Free:682.33 GB) NTFS Drive e: (Siedler 2 DNG) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS Drive f: (Storage) (Fixed) (Total:1862.92 GB) (Free:1233.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0B120F5) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 41F846A8) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 1863 GB) (Disk ID: 23F023F0) Partition 1: (Not Active) - (Size=1862.9 GB) - 
(Type=07 NTFS) ==================== End of log ============================
How do I proceed from here? The computer is still on for now, and Firefox is running without problems. |
24.06.2015, 12:24 | #2 |
/// TB-Ausbilder | Hello Ratford
My name is Timo and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Formatting is always the safest route. We all work here as volunteers and mostly only in our free time, so replies may be delayed. If you have not received a reply from me within 48 hours, send me a PM. If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean. Run all tools with administrative rights; Vista, Win7 and Win8 users right-click and choose "Run as administrator".
I see that you have 2 active virus scanners; you should remove one of them completely. My personal recommendation: keep Emsisoft, remove Avira. At first glance I don't see anything serious.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
Please download Malwarebytes Anti-Malware.
Run FRST once more.
24.06.2015, 12:30 | #3 |
/// TB-Ausbilder | The "Interpol" page is guaranteed to have come from adware trying to display a web page.
Can you also post the Spybot findings? Oh, and I would swap Spybot for Malwarebytes; the latter is much more advanced.
24.06.2015, 13:13 | #4 |
| Hello Timo, thanks for the quick response. I carried out all the steps as instructed. No problems occurred. Here are the log files: AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.207 - Bericht erstellt 24/06/2015 um 13:39:51 # Aktualisiert 21/06/2015 von Xplode # Datenbank : 2015-06-23.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Andreas - ANDREAS-PC # Gestarted von : C:\Users\Andreas\Desktop\AdwCleaner_4.207.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\RHEng ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v38.0.5 (x86 de) -\\ Chromium v ************************* AdwCleaner[R0].txt - [1198 Bytes] - [16/08/2014 13:37:44] AdwCleaner[R1].txt - [1682 Bytes] - [24/06/2015 13:37:24] AdwCleaner[S0].txt - [1259 Bytes] - [16/08/2014 13:38:57] AdwCleaner[S1].txt - [1342 Bytes] - [24/06/2015 13:39:51] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1401 Bytes] ########## JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.1.0 (06.23.2015:2) OS: Windows 7 Professional x64 Ran by Andreas on 24.06.2015 at 13:47:34,09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.06.2015 at 13:51:15,70 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.06.2015 Suchlauf-Zeit: 13:55:00 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.24.01 Rootkit Datenbank: v2015.06.22.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Andreas Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 346658 Verstrichene Zeit: 9 Min, 40 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 1 PUM.Hijack.StartMenu, HKU\S-1-5-21-553557714-400677296-996515237-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Ersetzt,[0e73e3dbd9b1cc6a2eca2029e026f50b] Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end)
Otherwise: can I consider the system free of malware, or how do we proceed? Many thanks already for the help so far! Attached you will find the file with the Spybot findings as a screenshot. |
24.06.2015, 13:56 | #5 |
/// TB-Ausbilder | Spybot found nothing; it only cleared cookies and the "recently opened files" history. New FRST logs, please. Tick the box for addition.txt, then click Scan.
24.06.2015, 14:07 | #6 |
| No sooner said than done. Here are the logs. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01 Ran by Andreas (administrator) on ANDREAS-PC on 24-06-2015 15:03:42 Running from C:\Users\Andreas\Desktop Loaded Profiles: Andreas (Available Profiles: Andreas) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\System32\nvwmi64.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\System32\nvwmi64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Safer-Networking Ltd.) C:\Progs\Spybot\SDUpdSvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Games\Steam\Steam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Valve Corporation) C:\Games\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Games\Steam\bin\steamwebhelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Progs\Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Mozilla Corporation) C:\Progs\Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-07-02] () HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-07-02] (NVIDIA Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Progs\Spybot\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [DivXMediaServer] => C:\Progs\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-553557714-400677296-996515237-1000\...\Run: [Steam] => C:\Games\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation) HKU\S-1-5-21-553557714-400677296-996515237-1000\...\MountPoints2: {ae0f8148-20a2-11e4-b44b-806e6f6e6963} - E:\autorun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation) Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk [2014-08-12] ShortcutTarget: Steam.lnk -> C:\Games\Steam\Steam.exe (Valve Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-553557714-400677296-996515237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ighome.com/ HKU\S-1-5-21-553557714-400677296-996515237-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.) Toolbar: HKU\S-1-5-21-553557714-400677296-996515237-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.) 
Tcpip\Parameters: [DhcpNameServer] 83.169.186.33 83.169.186.97 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\uptpn3eq.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-11] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-553557714-400677296-996515237-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-20] () Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-11] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-07-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-09-09] ()
S3 SDScannerService; C:\Progs\Spybot\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Progs\Spybot\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Progs\Spybot\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SkypeUpdate; C:\Progs\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [491632 2015-01-01] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299352 2014-07-02] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 14:07 - 2015-06-24 14:07 - 00001395 _____ C:\Users\Andreas\Desktop\mbam.txt
2015-06-24 14:06 - 2015-06-24 14:06 - 00001388 _____ C:\Users\Andreas\Desktop\fund.txt
2015-06-24 13:54 - 2015-06-24 13:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 13:54 - 2015-06-24 13:54 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-24 13:54 - 2015-06-24 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-24 13:54 - 2015-06-24 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-24 13:54 - 2015-06-24 13:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-24 13:54 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-24 13:54 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-24 13:54 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-24 13:53 - 2015-06-24 13:53 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-24 13:51 - 2015-06-24 13:51 - 00000607 _____ C:\Users\Andreas\Desktop\JRT.txt
2015-06-24 13:47 - 2015-06-24 13:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDREAS-PC-Windows-7-Professional-(64-bit).dat
2015-06-24 13:47 - 2015-06-24 13:47 - 00000000 ____D C:\RegBackup
2015-06-24 13:45 - 2015-06-24 13:45 - 02950746 _____ (Malwarebytes Corporation) C:\Users\Andreas\Desktop\JRT.exe
2015-06-24 13:45 - 2015-06-24 13:45 - 00001481 _____ C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2015-06-24 13:35 - 2015-06-24 13:36 - 00000104 _____ C:\Users\Andreas\Desktop\Forum.txt
2015-06-24 13:34 - 2015-06-24 13:34 - 02244096 _____ C:\Users\Andreas\Desktop\AdwCleaner_4.207.exe
2015-06-24 12:48 - 2015-06-24 15:04 - 00012250 _____ C:\Users\Andreas\Desktop\FRST.txt
2015-06-24 12:48 - 2015-06-24 14:08 - 00048152 _____ C:\Users\Andreas\Desktop\FRST_alt.txt
2015-06-24 12:48 - 2015-06-24 12:48 - 00036435 _____ C:\Users\Andreas\Desktop\Addition.txt
2015-06-24 12:45 - 2015-06-24 15:03 - 00000000 ____D C:\FRST
2015-06-24 12:32 - 2015-06-24 12:32 - 02109952 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2015-06-23 17:39 - 2015-06-23 17:39 - 00000097 _____ C:\Users\Andreas\Desktop\Richter Artikel.txt
2015-06-23 06:38 - 2015-06-23 06:38 - 00000112 _____ C:\Users\Andreas\Desktop\Artikel.txt
2015-06-22 19:47 - 2015-06-22 19:49 - 00000088 _____ C:\Users\Andreas\Desktop\Legasthenie.txt
2015-06-22 16:20 - 2015-06-22 16:20 - 00000074 _____ C:\Users\Andreas\Desktop\Serien.txt
2015-06-20 21:21 - 2015-06-20 21:21 - 00000144 _____ C:\Users\Andreas\Desktop\Doku.txt
2015-06-13 23:21 - 2015-06-13 23:22 - 00009167 _____ C:\Users\Andreas\Desktop\Delta Quadrant Solver.odt
2015-06-10 17:03 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 17:03 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 17:03 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 17:03 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 17:03 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 17:03 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 17:03 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 17:03 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 17:03 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 17:03 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 17:03 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 17:03 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 17:03 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 17:03 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 17:03 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 17:03 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 17:03 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 17:03 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 17:03 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 17:03 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 17:03 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 17:03 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 17:03 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 17:03 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 17:03 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 17:03 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 17:03 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 17:03 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:03 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 17:03 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 17:03 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:03 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:03 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 17:03 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 17:03 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 17:03 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 17:03 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 17:03 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:03 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 17:03 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 17:03 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 17:03 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 17:03 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 17:03 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 17:03 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 17:03 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 17:03 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 17:03 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 17:03 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 17:03 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 17:02 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 17:02 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 17:02 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 17:02 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 17:02 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:02 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 17:02 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 17:02 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 17:02 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 17:02 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 17:02 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 17:02 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 17:02 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 17:02 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 17:02 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 17:02 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 17:02 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 17:02 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 17:02 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 17:02 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 17:02 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 17:02 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 17:02 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 17:02 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 17:02 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 17:02 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 17:02 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 17:02 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 17:02 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 17:02 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 17:02 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 17:02 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 17:02 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 17:02 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 17:02 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 17:02 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 17:02 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 17:02 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 17:02 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 17:02 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 17:02 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 17:02 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 17:02 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 17:02 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 17:02 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 17:02 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 17:02 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 17:02 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 17:02 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 17:02 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 17:02 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 17:02 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 17:02 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 17:02 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 17:02 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 17:02 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 17:02 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 17:02 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 17:02 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 17:02 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 17:02 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 17:02 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 17:02 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 17:02 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-08 16:30 - 2015-06-15 14:50 - 00011331 _____ C:\Users\Andreas\Desktop\Post Garrison Deck.odt
2015-06-01 07:46 - 2015-06-01 07:46 - 00000000 ____D C:\Users\Andreas\AppData\Local\GWX
2015-05-29 20:06 - 2015-05-29 20:06 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\The Dark Mod.lnk
2015-05-25 13:43 - 2015-05-25 13:43 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx5e76
2015-05-25 13:43 - 2015-05-25 13:43 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx4fcd
2015-05-25 13:41 - 2015-05-25 13:42 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\avidemux
2015-05-25 13:36 - 2015-05-25 13:36 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx374c
2015-05-25 13:35 - 2015-05-25 13:35 - 00043682 _____ C:\Users\Andreas\AppData\Local\Tempdivx47bf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 14:53 - 2015-04-05 18:46 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security
2015-06-24 14:30 - 2014-08-12 08:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 14:28 - 2014-10-02 11:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 14:23 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 14:23 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 14:19 - 2014-08-10 16:52 - 01262318 _____ C:\Windows\WindowsUpdate.log
2015-06-24 14:15 - 2015-02-08 02:00 - 00016251 _____ C:\Windows\setupact.log
2015-06-24 14:15 - 2014-08-12 08:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 14:15 - 2010-11-21 05:47 - 00326138 _____ C:\Windows\PFRO.log
2015-06-24 14:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 13:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-24 13:39 - 2014-08-16 13:37 - 00000000 ____D C:\AdwCleaner
2015-06-21 18:13 - 2014-08-11 15:28 - 00000000 ____D C:\Users\Andreas\AppData\Local\Battle.net 2015-06-19 14:18 - 2014-08-11 16:22 - 00001468 _____ C:\Users\Andreas\Sti_Trace.log 2015-06-15 07:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-12 23:13 - 2014-08-11 15:38 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Skype 2015-06-12 21:44 - 2014-08-11 15:38 - 00000000 ____D C:\ProgramData\Skype 2015-06-12 21:32 - 2014-08-11 14:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-06-12 19:09 - 2014-08-11 02:46 - 00699340 _____ C:\Windows\system32\perfh007.dat 2015-06-12 19:09 - 2014-08-11 02:46 - 00149448 _____ C:\Windows\system32\perfc007.dat 2015-06-12 19:09 - 2009-07-14 07:13 - 01619272 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-12 19:06 - 2014-11-08 18:10 - 00000000 ____D C:\Backup 2015-06-11 17:48 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-11 15:18 - 2014-10-02 11:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-11 15:18 - 2014-08-18 15:20 - 00000000 ____D C:\Users\Andreas\AppData\Local\Adobe 2015-06-11 15:18 - 2014-08-11 07:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-11 15:18 - 2014-08-11 07:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-11 15:18 - 2014-08-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 15:17 - 2014-08-10 20:38 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 15:17 - 2014-08-10 20:38 - 00132656 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-11 15:06 - 2014-08-10 20:36 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 07:35 - 2014-11-12 19:12 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieBrowserModeList 2015-06-11 07:35 - 2014-08-10 19:46 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieUserList 2015-06-11 07:35 - 2014-08-10 19:46 - 00000000 __SHD C:\Users\Andreas\AppData\Local\EmieSiteList 2015-06-11 07:15 - 2014-08-10 20:36 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-11 07:15 - 2014-08-10 20:36 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-11 07:12 - 2009-07-14 06:45 - 00294640 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 07:10 - 2015-04-15 16:47 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 07:10 - 2015-04-15 16:47 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 07:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-10 22:37 - 2014-08-10 19:30 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 22:35 - 2014-08-10 19:30 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 17:17 - 2014-09-04 01:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-03 07:18 - 2014-08-10 20:27 - 00000000 ____D C:\Progs 2015-05-29 19:34 - 2014-08-11 15:08 - 00000000 ____D C:\Games 2015-05-25 13:53 - 2014-08-11 15:34 - 00000000 ____D C:\Program Files (x86)\DivX 2015-05-25 13:53 - 2014-08-11 15:30 - 00000000 ____D C:\ProgramData\DivX 2015-05-25 13:52 - 2015-05-16 15:04 - 00000000 ____D C:\Program Files (x86)\Xvid 2015-05-25 13:35 - 2014-08-11 15:34 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\DivX ==================== Files in the root of some directories ======= 2014-12-13 20:40 - 2014-12-13 20:40 - 0000001 _____ () C:\Users\Andreas\AppData\Local\llftool.4.40.agreement 2014-08-13 06:29 - 2014-08-13 06:29 - 0007226 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () 
C:\Users\Andreas\AppData\Local\Tempdivx0620 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx286d 2015-05-25 13:36 - 2015-05-25 13:36 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx374c 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx4665 2015-05-25 13:35 - 2015-05-25 13:35 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx47bf 2015-05-25 13:43 - 2015-05-25 13:43 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx4fcd 2015-05-25 13:43 - 2015-05-25 13:43 - 0043682 _____ () C:\Users\Andreas\AppData\Local\Tempdivx5e76 2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Andreas\AppData\Local\Tempdivx97c1 Some files in TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\avgnt.exe C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-23 11:08

==================== End of log ============================

Addition.txt

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Andreas at 2015-06-24 15:04:14
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-553557714-400677296-996515237-500 - Administrator - Disabled)
Andreas (S-1-5-21-553557714-400677296-996515237-1000 - Administrator - Enabled) => C:\Users\Andreas
Gast (S-1-5-21-553557714-400677296-996515237-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-553557714-400677296-996515237-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Internet Security (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Emsisoft Internet Security (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Emsisoft Internet Security (Enabled) {177F60DC-CF64-1D22-2509-421BF4ED67B2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Among Ripples (HKLM-x32\...\Steam App 341720) (Version: - Eat Create Sleep) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Black Ink (HKLM-x32\...\Steam App 233680) (Version: - Bleank) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version: - EA Los Angeles) Construct 2 Free (HKLM-x32\...\Steam App 227240) (Version: - Scirra) ContentMod2.6.3 (HKLM-x32\...\ContentMod_2.6.3) (Version: - ) Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment) Destination Sol (HKLM-x32\...\Steam App 342980) (Version: - Milosh Petrov) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) 
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version: - YoYo Games Ltd.) GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 3.3 - 1 und 1 Internet AG) GMX SMS-Manager (x32 Version: 3.3 - 1 und 1 Internet AG) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Gothic 3 (HKLM-x32\...\GOGPACKGOTHIC3_is1) (Version: 2.0.0.16 - GOG.com) Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve) Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor) Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version: - Valve) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - ) Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - 
Stainless Games) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Medal of Honor: Airborne (HKLM-x32\...\Steam App 24840) (Version: - EA Los Angeles) Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft 
Corporation) Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version: - Blackhole) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation) Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version: - Haemimont Games) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) OpenRA (HKLM-x32\...\OpenRA) (Version: - OpenRA developers) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.) Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce) Red Faction: Guerrilla Steam Edition (HKLM-x32\...\Steam App 20500) (Version: - Volition) S.T.A.L.K.E.R.: Lost Alpha version 1.3.0 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0 - dezowave) Sacred 2 Gold (HKLM-x32\...\1207665233_is1) (Version: 2.0.0.6 - GOG.com) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) 
Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version: - Rebellion) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Substance Painter version 1.1.0 (HKLM\...\{410F5B6E-A29C-4F43-9DE3-44A1357D6AF5}_is1) (Version: 1.1.0 - Allegorithmic) SUPER © v2014.build.63+Recorder (2014/11/27) Version v2014.buil (HKLM-x32\...\{8E2A19E2-96BF-8659-4DA7-5C06C90719A4}_is1) (Version: v2014.build.63+Recorder - eRightSoft) Survarium (HKLM-x32\...\Steam App 355840) (Version: - Vostok Games) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) TSR Watermark Image software version 3.3.2.7 (HKLM-x32\...\TSR Watermark Image_is1) (Version: 3.3.2.7 - TSR Software) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) waterMark V2 (HKLM-x32\...\waterMark V2) (Version: - ) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version: - Noble Empire Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5F81873B-2B3B-4397-8516-8B1EBDAEA046} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {66978403-9870-4A5E-AA4F-7A70DE19186F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {87E5C4A3-5CF0-4150-BAEE-28DEE593F6D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {9BF86382-2840-444E-9795-FC3759080064} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {FDD1E98D-58E4-401F-BD32-2C1A81375AD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-08-10 19:39 - 2014-07-02 22:48 - 02683736 _____ () C:\Windows\system32\nvwmi64.exe 2014-08-10 19:38 - 2014-07-02 22:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-08-10 18:00 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-09 18:06 - 2014-09-09 18:06 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-08-10 17:55 - 2013-02-22 21:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-08-11 14:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Progs\Spybot\snlThirdParty150.bpl 2014-08-11 14:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Progs\Spybot\DEC150.bpl 2014-08-11 14:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Progs\Spybot\snlFileFormats150.bpl 2014-08-10 19:38 - 2014-07-02 22:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-05-16 10:05 - 2015-04-16 19:40 - 00776192 _____ () C:\Games\Steam\SDL2.dll 2015-05-16 10:05 - 2015-04-23 04:16 - 04962816 _____ () C:\Games\Steam\v8.dll 2015-05-16 10:05 - 2015-04-23 04:16 - 01556992 _____ () C:\Games\Steam\icui18n.dll 2015-05-16 10:05 - 2015-04-23 04:16 - 01187840 _____ () C:\Games\Steam\icuuc.dll 2015-05-16 10:05 - 2015-06-04 20:56 - 02407104 _____ () C:\Games\Steam\video.dll 2014-08-29 10:23 - 2014-12-01 23:31 - 02396672 _____ () C:\Games\Steam\libavcodec-56.dll 2014-08-29 10:23 - 2014-12-01 23:31 - 00442880 _____ () C:\Games\Steam\libavutil-54.dll 2014-08-29 10:23 - 2014-12-01 23:31 - 00479744 _____ () C:\Games\Steam\libavformat-56.dll 2014-08-29 10:23 - 
2014-12-01 23:31 - 00332800 _____ () C:\Games\Steam\libavresample-2.dll 2014-08-29 10:23 - 2014-12-01 23:31 - 00485888 _____ () C:\Games\Steam\libswscale-3.dll 2015-05-16 10:05 - 2015-06-04 20:56 - 00703168 _____ () C:\Games\Steam\bin\chromehtml.DLL 2014-08-11 16:25 - 2015-05-11 21:01 - 36302728 _____ () C:\Games\Steam\bin\libcef.dll 2015-05-14 09:16 - 2015-05-11 21:01 - 08958344 _____ () C:\Games\Steam\bin\pdf.dll 2014-10-15 16:36 - 2014-10-15 16:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll 2014-08-10 17:25 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-06-11 15:18 - 2015-06-11 15:18 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-553557714-400677296-996515237-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 83.169.186.33 - 83.169.186.97 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{9D16D3AE-6500-47F7-8FFC-C5B57FDD737B}] => (Allow) C:\Progs\Skype\Phone\Skype.exe FirewallRules: [{AE80E477-FB90-4794-A119-7816F5DB6963}] => (Allow) C:\Games\Steam\Steam.exe FirewallRules: [{60ED972D-A0C9-4388-A067-40D707521AB5}] => (Allow) C:\Games\Steam\Steam.exe FirewallRules: [{C2C8F056-B3C6-463F-B1D8-23131C91F1D4}] => (Allow) C:\Games\Steam\SteamApps\common\Mafia II\pc\mafia2.exe FirewallRules: [{7B33A923-68A3-45F2-9D37-40A68A8C08B1}] => (Allow) C:\Games\Steam\SteamApps\common\Mafia II\pc\mafia2.exe FirewallRules: [{DDD7A17C-A274-4264-B001-386B900CC926}] => (Allow) C:\Games\Steam\SteamApps\common\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe FirewallRules: [{0F0DB84C-AFCE-44A0-AB40-21297C488954}] => (Allow) C:\Games\Steam\SteamApps\common\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe FirewallRules: [{85F7BB15-4516-426F-B685-16EC6600CAE6}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{39334DA7-CFE8-429B-89DC-AE29E6093AE9}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{6AA21959-707B-46EB-98AD-5249CF742CE3}] => (Allow) C:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{C7C9B337-4428-473A-8979-6E3BEB5CAEA9}] => (Allow) C:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: 
[{978C9136-24B5-4A09-9A60-EC6980BD56DE}] => (Allow) C:\Games\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe FirewallRules: [{1853BCEF-A790-40E9-9749-F1CA199A1A2C}] => (Allow) C:\Games\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe FirewallRules: [{0FA28962-E229-42CE-AB93-2D86F98D6F67}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2014\DotP_D14.exe FirewallRules: [{FA2E5997-75B3-4237-8A27-465273136B61}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2014\DotP_D14.exe FirewallRules: [{6F24AFBD-D7C6-4CC7-8821-42182BBF9D1D}] => (Allow) C:\Games\Steam\SteamApps\common\Endless Space\EndlessSpace.exe FirewallRules: [{81E3265A-9EE9-4AE1-A47D-B1DAB20FD255}] => (Allow) C:\Games\Steam\SteamApps\common\Endless Space\EndlessSpace.exe FirewallRules: [{8060D57C-62CA-4186-8B47-1F4A46D42841}] => (Allow) C:\Games\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{0AE3DB32-F57A-436E-934E-7B19BA8CA761}] => (Allow) C:\Games\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{63D70C5F-C214-40B3-A43C-60826D522579}] => (Allow) C:\Games\Steam\SteamApps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{25965F58-9303-4647-A361-FEC3B059D89F}] => (Allow) C:\Games\Steam\SteamApps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{71E5F1B2-5EB8-4EEB-9FA1-61D3A8BB0763}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe FirewallRules: [{C13FE6A4-0CC1-4F0D-8B7A-3F5AADD4066A}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe FirewallRules: [{87172226-96B3-4E45-A6E3-1F1376AEC81C}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe FirewallRules: [{F33AB79E-FC1B-4428-88E0-ECFD32584B08}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe FirewallRules: [{79E4AA60-A8ED-496F-A888-17C73D94E620}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe 
FirewallRules: [{67F1BEF9-85BA-455D-B0B7-9A54D9EE835D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F9140FBF-0BF2-451F-A460-10A0CD1905FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{F2BD274A-928A-4301-BF1B-AB4ED4B3B650}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{770BB249-4A45-4AD6-8BF6-01D75B3237B2}] => (Allow) C:\Games\Steam\SteamApps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe FirewallRules: [{CB5E9D61-7C66-4ACA-AA23-4E146DECEC7F}] => (Allow) C:\Games\Steam\SteamApps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe FirewallRules: [{5D62F047-8B12-4E67-B54A-33ED1502CAA1}] => (Allow) C:\Games\Steam\SteamApps\common\Metro Last Light\MetroLL.exe FirewallRules: [{20B388AA-8A78-4877-B6AB-AE2293373F25}] => (Allow) C:\Games\Steam\SteamApps\common\Metro Last Light\MetroLL.exe FirewallRules: [{64C1F4EE-AACF-4BCE-BC81-3525B574B384}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe FirewallRules: [{E1814B47-40FD-46B6-8F08-7DD81ADF10B5}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe FirewallRules: [{EE7605E4-53E6-4870-A243-5E8D4FA58722}] => (Allow) C:\Games\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{4420D380-784A-4D7A-8BFF-A8E7BFB0AFD5}] => (Allow) C:\Games\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{6B4377C8-229F-4789-913C-6EB0A8353BCA}] => (Allow) C:\Games\Steam\SteamApps\common\Omerta\OmertaSteam.exe FirewallRules: [{9331D8DE-CFFF-4AAA-8249-20D13E5214B2}] => (Allow) C:\Games\Steam\SteamApps\common\Omerta\OmertaSteam.exe FirewallRules: [{820DE263-E567-4E5D-9E49-B79E7E6CCF7A}] => (Allow) C:\Games\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{682F0E84-C091-4FDE-B284-7A32B5205FD8}] => (Allow) C:\Games\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{4A61BD23-93C4-4D88-8597-C5CD9FA385D7}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe 
FirewallRules: [{0ADDFA15-BF27-443F-B363-2C0865E91536}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe FirewallRules: [{47CF54EA-545E-4E16-B04B-42EB62B64062}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe FirewallRules: [{EBAAF277-21B0-496C-8869-32917FDF212B}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe FirewallRules: [{62E0D317-BFEC-453F-99CC-C3C326F6EBAB}] => (Allow) C:\Progs\Firefox\firefox.exe FirewallRules: [{BC82C522-E6FF-43A0-85A0-6850992B4318}] => (Allow) C:\Progs\Firefox\firefox.exe FirewallRules: [{7FF06637-B5A4-4639-9583-F4E9751F689C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{4F434294-FDE7-4AEF-93B2-3E0E9D7E969D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{DFB1EFD2-D7EF-456F-B50D-3B38BF909B5D}] => (Allow) C:\Games\Steam\SteamApps\common\AmongRipples\AmongRipples.exe FirewallRules: [{F0C545D5-A15C-46EB-962C-7EA056138BE7}] => (Allow) C:\Games\Steam\SteamApps\common\AmongRipples\AmongRipples.exe FirewallRules: [{88CAD451-18AC-4381-BEEF-FE7880F6F1C8}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe FirewallRules: [{C98EE5C5-2FC8-4864-BF96-746068358FCF}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe FirewallRules: [{0D531CAC-381F-4C61-AA4A-18E9D9C93C45}] => (Allow) C:\Games\Steam\SteamApps\common\Destination Sol\sol.exe FirewallRules: [{57161407-13E3-45E8-AA8A-BC0F27BD0874}] => (Allow) C:\Games\Steam\SteamApps\common\Destination Sol\sol.exe FirewallRules: [{489ADC96-4BE5-4BB5-9DAC-B2E1EF2F6A5A}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{FF8AD27E-7699-4AE1-A4D6-859E8F0FC46B}] => (Allow) C:\Games\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [TCP Query 
User{4E1CFD49-695D-4703-BCA7-7FB9C9EFDCF2}C:\progs\firefox\firefox.exe] => (Block) C:\progs\firefox\firefox.exe FirewallRules: [UDP Query User{0E360271-221A-4F0C-8187-957C859AED73}C:\progs\firefox\firefox.exe] => (Block) C:\progs\firefox\firefox.exe FirewallRules: [{CD8A6828-E76D-40A0-B9E8-1DAA7C32747E}] => (Allow) C:\Games\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe FirewallRules: [{DD732C0C-669C-4797-BF36-BEED4674AC2B}] => (Allow) C:\Games\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe FirewallRules: [{941F1825-EBD1-4E08-949F-CE1F561C1B41}] => (Allow) C:\Games\Steam\SteamApps\common\Black Ink\BlackInk.exe FirewallRules: [{EA833634-1859-47EF-9712-3057C1CEFACE}] => (Allow) C:\Games\Steam\SteamApps\common\Black Ink\BlackInk.exe FirewallRules: [{31C6242B-8CDE-4B2E-99AF-A0A6026688B2}] => (Allow) C:\Games\Steam\SteamApps\common\Construct2\Construct2.exe FirewallRules: [{098258B3-0078-428E-B028-26F4BCCD30C6}] => (Allow) C:\Games\Steam\SteamApps\common\Construct2\Construct2.exe FirewallRules: [{C455ECA4-2104-4E17-A5CA-16946EAA08F6}] => (Allow) C:\Games\Steam\SteamApps\common\WOG\disasm.exe FirewallRules: [{E516DFB9-11D7-4A84-897B-F3ED0A494A4D}] => (Allow) C:\Games\Steam\SteamApps\common\WOG\disasm.exe FirewallRules: [{7E470058-32C2-427D-BFDD-C14BD6087854}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe FirewallRules: [{4573B9A2-13C0-43EA-BE28-2C2EF9F905B2}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe FirewallRules: [TCP Query User{99733366-84B8-49B0-AB3B-0B57629EFB8E}C:\games\diablo iii\diablo iii.exe] => (Block) C:\games\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{F61E5930-7DD8-42D5-A2E5-AB85296D33F1}C:\games\diablo iii\diablo iii.exe] => (Block) C:\games\diablo iii\diablo iii.exe StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDFSSvc.exe] => 
Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Progs\Spybot\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/24/2015 02:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 01:42:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 10:49:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 07:10:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 10:39:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 06:10:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 02:25:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 09:40:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/21/2015 01:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2015 08:37:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/24/2015 03:01:58 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. Error: (06/24/2015 03:01:57 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. Error: (06/24/2015 03:01:51 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (06/24/2015 03:01:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/24/2015 03:01:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/24/2015 02:59:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/24/2015 02:59:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/24/2015 02:55:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/24/2015 02:55:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/24/2015 02:53:05 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. 
Microsoft Office: ========================= Error: (06/24/2015 02:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 01:42:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 10:49:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2015 07:10:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 10:39:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2015 06:10:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 02:25:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2015 09:40:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (06/21/2015 01:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2015 08:37:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2960XM CPU @ 2.70GHz Percentage of memory in use: 24% Total physical RAM: 16265.05 MB Available physical RAM: 12276.41 MB Total Pagefile: 32528.31 MB Available Pagefile: 27704.45 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:172.5 GB) NTFS Drive d: (BACKUP) (Fixed) (Total:682.44 GB) (Free:682.33 GB) NTFS Drive e: (Siedler 2 DNG) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS Drive f: (Storage) (Fixed) (Total:1862.92 GB) (Free:1233.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0B120F5) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 41F846A8) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 1863 GB) (Disk ID: 23F023F0) Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ==================== End of log ============================ |
24.06.2015, 14:23 | #7 | |
/// TB Trainer | Message: browser locked by "Interpol" with Paysafe payment demand What may have gotten lost earlier: Quote:
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download SecurityCheck and:
And finally an ESET scan, which takes longer: ESET Online Scanner
__________________ Learn to strike back and support us! TB Akademie | Donate | Praise & Criticism |
24.06.2015, 18:29 | #8 |
| Message: browser locked by "Interpol" with Paysafe payment demand Okay, did everything as instructed. Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01 Ran by Andreas at 2015-06-24 15:39:12 Run:1 Running from C:\Users\Andreas\Desktop Loaded Profiles: Andreas (Available Profiles: Andreas) Boot Mode: Normal ============================================== fixlist content: ***************** emptytemp: ***************** EmptyTemp: => 252.8 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 15:39:36 ==== Code:
ATTFilter Results of screen317's Security Check version 1.004 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Emsisoft Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 8 Update 40 Java version 32-bit out of Date! Adobe Flash Player 18.0.0.160 Adobe Reader XI Mozilla Firefox (38.0.5) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=5dc44292fda7ef40a1e96b2d24f6633a # end=init # utc_time=2015-06-24 02:00:44 # local_time=2015-06-24 04:00:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=37126 Update Finalize Updated modules version: 0 Old modules - leave modules Update Init Update Download Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 24482 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=5dc44292fda7ef40a1e96b2d24f6633a # end=updated # utc_time=2015-06-24 02:05:53 # local_time=2015-06-24 04:05:53 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=5dc44292fda7ef40a1e96b2d24f6633a # engine=24482 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-24 05:20:27 # local_time=2015-06-24 07:20:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 27300670 186796277 0 0 # scanned=661728 # found=0 # cleaned=0 # scan_time=11673 |
25.06.2015, 07:44 | #9 |
/// TB Trainer | Message: browser locked by "Interpol" with Paysafe payment demand Good, the logs are all clean so far. The page you saw was definitely displayed by adware or by a redirect on a semi-legal site and was definitely meant to load an advertising page. I wouldn't worry about it. Remember that you should keep only ONE virus scanner on the computer, and EMSISOFT would clearly be my favorite (I have it at home myself). The order is crucial here.
Finally, I have a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support Trojaner-Board or share praise, criticism and wishes? Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
25.06.2015, 18:59 | #10 |
| Message: browser locked by "Interpol" with Paysafe payment demand Hello Timo, thanks for the info. By the way, I am myself (well, I used to be) from the IT industry and therefore familiar with the basic principles of safe surfing. However, I no longer have an eye on all the numerous new threats of recent years, so I would like to go through a few more points. It is good that there are people like you and others here who have a full overview of the whole thing. Nobody can know everything, especially in this extremely fast-moving industry.
a) What are Defogger and Combofix? In any case we did not use them, so I can presumably skip that point and then go straight to the cleanup with DelFix?
b) I would not have classified EmsiSoft Internet Security as a virus scanner. The AntiVir live scanner often blocks stuff that Emsisoft did not detect. That is why I still use it. In particular, EmsiSoft often seems not to detect, or rate as a threat, stuff that hides in the temp files and is downloaded by websites into temp folders.
c) So AdwCleaner, SpywareBlaster and WOT in addition to Malwarebytes Antimalware or AntiVir?
d) I could be wrong, but isn't AdBlockPlus the program that lets certain websites / ads through because they pay for it? |
26.06.2015, 09:09 | #11 | |
/// TB Trainer | Message: browser locked by "Interpol" with Paysafe payment demand Quote:
You're telling me... I work as a sysadmin, and nothing works without Google/Technet. Since you don't know what Combofix and Defogger are, you haven't used them either and can skip those steps. The text is a boilerplate block and is therefore universal, hence the "If blah blah was used". Just run DelFix. As I said, 2 virus scanners basically always fight over scan access to a file, so it may well be that one shows nothing while the other shows something. I had Avira myself for years but switched to Emsisoft, not only because of the adware that Avira brings along. AdwCleaner and co. as a supplement: ideally run AdwCleaner once a week; the scan only takes a minute anyway, if that. WOT is a browser add-on that shows a warning for dubious websites based on user ratings. Whether AdBlockPlus lets paying advertisers through, no idea. I've had it in my browser forever and am always surprised at how websites look "normally" whenever I do use a browser without AdBlock.
27.06.2015, 10:38 | #12 |
| Message: browser locked by "Interpol" with Paysafe payment demand Okay, I have installed the add-ons for Firefox so far and will use it in future for risky surfing, e.g. when I search for something with Google and don't know where I'll end up. WebOfTrust is a bit dicey for me, since it evidently involves a massive exchange of data so that it is checked at all times where I am surfing. That's not really my thing. IE, on the other hand, is more convenient and, I think, nicer for sites that don't pose much danger. Otherwise, one more question about AntiVir and EmsiSoft: So you have ONLY EmsiSoft Internet Security running? No AntiVir anymore? But does EmsiSoft then also detect temp-file stuff and the like? |
27.06.2015, 15:39 | #13 | |
/// TB Trainer | Message: browser locked by "Interpol" with Paysafe payment demand Emsisoft Internet Security Quote:
As I said, the fact that I prefer Emsisoft over Avira any time is a) my own opinion and b) my own experience, both at home and here on the board. Anyone who is satisfied with Avira and accepts their policy of tying the free version to adware is welcome to work with it. Maybe WeightWatchers, as WeightWatchers Free, will soon be working together with McDonald's too
27.06.2015, 20:53 | #14 |
| Message: browser locked by "Interpol" with Paysafe payment demand Do you additionally keep real-time protection running in Malwarebytes AntiMalware? That would clash with EmsiSoft. Otherwise, I have now switched off Avira's real-time protection. Then EmsiSoft should handle everything. I have been using EmsiSoft Internet Security ever since it came out a few months ago; before that I had the two individual products. |
29.06.2015, 10:41 | #15 | |
/// TB Trainer | Message: browser locked by "Interpol" with Paysafe payment demand Quote:
http://static-cdn.malwarebytes.org/a...tingReport.pdf Emsisoft is not explicitly on the list, but they work together very well: