Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Tr drop agent (https://www.trojaner-board.de/162860-tr-drop-agent.html)

KDTMaster 17.01.2015 00:45
Tr drop agent
 
Guten Tag!
Ich suchte heute zu einem Gewissen TR drop agent den mein Avira entdeckt hatte ein wenig Hilfe im Internet und stieß auf folgenden Beitrag: [HTML=tr-drop-agent-219420-adware-crossrider-a-10448]THEMA[/HTML].

Die Problembeschreibung traf bei mir ebenso zu, nur das ich ca. alle 20 Minuten eine Fehlermeldung bekam: Datei "xyz" aus dem Temp Ordner meiner Userfiles könne wegen mangelnder Ressourcen nicht geöffnet werden. Also beschloss ich kurzerhand die Schritte im oben genannten Thema Stück für Stück abzuarbeiten. Leistungeinbuße konnte ich bisher keine mehr Feststellen, ebensowenig trat die Fehlermeldung wieder auf (daher auch leider kein Screenshot o.ä.) Verfügbar habe ich jedoch noch die Log Dateien, und da ich mir nicht Sicher bin ob das ganze nun "gegessen" ist entschloss ich mich dann doch einmal einen neuen Beitrag zu verfassen und mir eure Hilfe dazu zu holen.

MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 23:40:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.16.14
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 377873
Verstrichene Zeit: 12 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner

Code:
# AdwCleaner v4.107 - Bericht erstellt am 17/01/2015 um 00:09:42
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : winzipersvc
Dienst Gelöscht : iSafeKrnlMon

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\ytd video downloader
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
[!] Ordner Gelöscht : C:\Program Files (x86)\Elex-tech
Ordner Gelöscht : C:\Users\User\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Industriya
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Sense
Ordner Gelöscht : C:\Users\User\AppData\Roaming\337Games
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\User\AppData\Roaming\DownLite
Ordner Gelöscht : C:\Users\User\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\User\AppData\Roaming\WinZipper
[!] Ordner Gelöscht : C:\Users\User\AppData\Roaming\Elex-tech
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : ShopperPro
Task Gelöscht : ShopperProJSUpd
Task Gelöscht : SMupdate1
Task Gelöscht : SPDriver
Task Gelöscht : YTDownloader
Task Gelöscht : YTDownloaderUpd

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKCU\Software\5d558f8cbd3bed15
Schlüssel Gelöscht : HKLM\SOFTWARE\5d558f8cbd3bed15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901159}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901161}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611971195}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902259}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902261}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622972295}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905559}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905561}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655975595}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906661}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666976695}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904461}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644974495}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901161}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901159}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901161}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611971195}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611901159}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611901161}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611971195}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901159}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901161}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611971195}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902259}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902261}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622972295}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3860D897-7DCD-473C-9744-B21DB133AB20}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6D3C9858-2674-46E1-9112-107340758481}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{909112FE-C4A2-4990-A499-E58867D55B15}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B618C19D-A418-4586-80C6-09DBDA9C748E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B68B00A0-95B9-4162-BA45-7A1113317DA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E413D78F-283C-45F1-9992-8EF7D55A4933}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0207057-3461-4F7F-B689-D016B7A03964}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A75ACCCD-3CC9-4865-8BE3-F523FDA2164F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905559}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905561}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655975595}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906659}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906661}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666976695}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901161}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46C74900-0019-4AFB-B7D9-3770D5319FEB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA32E325-E4B2-4B5B-9A3B-19C86579D8FF}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46C74900-0019-4AFB-B7D9-3770D5319FEB}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA32E325-E4B2-4B5B-9A3B-19C86579D8FF}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\ShopperPro
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\V9
Schlüssel Gelöscht : HKCU\Software\YTDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SafetyNut
Schlüssel Gelöscht : HKLM\SOFTWARE\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v


-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [19939 octets] - [17/01/2015 00:07:49]
AdwCleaner[S0].txt - [18985 octets] - [17/01/2015 00:09:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19046 octets] ##########
Und letzten Endes JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 17.01.2015 at  0:22:00,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] isafekrnl
Failed to stop: [Service] isafekrnlkit
Failed to stop: [Service] isafekrnlr3
Failed to stop: [Service] isafenetfilter
Failed to stop: [Service] isafeservice



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46C74900-0019-4AFB-B7D9-3770D5319FEB}
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA32E325-E4B2-4B5B-9A3B-19C86579D8FF}



~~~ Files

Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage"
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\elex-tech"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\hosts"
Failed to delete: [Folder] "C:\Program Files (x86)\elex-tech"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.01.2015 at  0:26:08,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ich weiß ich rolle das ganze grad irgendwie von der falschen Seite auf aber ich hoffe dennoch das mir vielleicht geholfen werden kann,

vielen Dank im voraus für die Hilfe,
KDT

deeprybka 17.01.2015 00:52
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

KDTMaster 17.01.2015 16:46
Danke für die schnelle Antwort! ;)

Und hier kommen die Logs:

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by User (administrator) on USER-PC on 17-01-2015 16:41:00
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\RtlService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\RtWLan.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502SysAudioLauncher.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Curse) C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Razer, Inc.) C:\Users\User\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.104.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.104.0\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfBrowser.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Kraken0502Launcher] => C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502SysAudioLauncher.exe [865088 2014-05-23] (Razer Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\...\MountPoints2: {5af73e6f-a793-11e2-a0f1-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\...\MountPoints2: {cb91d5cb-81e8-11e2-a29c-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-04] (Google Inc.)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40176 2015-01-12] (Overwolf LTD)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {5af73e6f-a793-11e2-a0f1-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {cb91d5cb-81e8-11e2-a29c-806e6f6e6963} - D:\Bin\ASSETUP.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1000 -> DefaultScope {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {46C74900-0019-4AFB-B7D9-3770D5319FEB} URL = hxxp://searchou.com/?q={searchTerms}&id=6cae971d000000000000902b34a9276f&affilt=5&r=698
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=492EB85A-62E5-41FA-B1A7-3CF1948F6081&apn_sauid=BA47120A-9153-4B0F-9CB2-9888B5EB7DD8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\K3vy4jQB.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\K3vy4jQB.default\Extensions\abs@avira.com [2015-01-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://eu.battle.net/wow/de/
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420812809&from=obw&uid=WDCXWD10EALX-009BA0_WD-WCATR889466094660"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-04]
CHR Extension: (Battlefield Heroes) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-07-14]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-04]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-17] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-17] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-07-05] (EasyAntiCheat Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-12] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-18] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 Realtek11nSU; C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-10] (Avira Operations GmbH & Co. KG)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-08-03] (BitRaider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-06-21] ()
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-12-13] (Scarlet.Crush Productions)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-03-08] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [198144 2011-03-08] (VIA Technologies, Inc.)
S3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
S2 SPDRIVER_1463.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1463.0.0.0\jsdrv.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 16:41 - 2015-01-17 16:41 - 00024807 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-17 16:40 - 2015-01-17 16:41 - 00000000 ____D () C:\FRST
2015-01-17 16:39 - 2015-01-17 16:39 - 02125824 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-17 16:35 - 2015-01-17 16:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\VSRevoGroup
2015-01-17 16:32 - 2015-01-17 16:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\Elex-tech
2015-01-17 00:29 - 2015-01-17 00:29 - 01156136 _____ (Ruiware) C:\Users\User\Downloads\wpsetup.exe
2015-01-17 00:26 - 2015-01-17 00:26 - 00001698 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-17 00:21 - 2015-01-17 00:21 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-01-17 00:21 - 2015-01-17 00:21 - 00000000 ____D () C:\Windows\ERUNT
2015-01-17 00:14 - 2015-01-17 00:14 - 00019391 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2015-01-17 00:07 - 2015-01-17 00:10 - 00000000 ____D () C:\AdwCleaner
2015-01-16 23:57 - 2015-01-16 23:58 - 02191360 _____ () C:\Users\User\Downloads\AdwCleaner_4.107.exe
2015-01-16 23:57 - 2015-01-16 23:57 - 00001202 _____ () C:\Users\User\Desktop\mbam.txt
2015-01-16 23:40 - 2015-01-16 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 23:40 - 2015-01-16 23:40 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 23:40 - 2015-01-16 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 23:39 - 2015-01-16 23:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 23:39 - 2015-01-16 23:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 23:39 - 2015-01-16 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 23:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 23:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 23:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 23:28 - 2015-01-16 23:28 - 00001276 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-16 23:28 - 2015-01-16 23:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-16 23:27 - 2015-01-16 23:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-16 10:11 - 2015-01-17 00:10 - 00000000 ____D () C:\Windows\system32\log
2015-01-16 10:11 - 2015-01-16 10:11 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-16 10:11 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-01-14 12:03 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:03 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:03 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:03 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:03 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:03 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:03 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:03 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:03 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:03 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:03 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 21:03 - 2015-01-13 21:03 - 02087676 _____ () C:\Users\User\Downloads\wowcataclysm.ts3_style
2015-01-10 15:46 - 2015-01-10 15:46 - 00001145 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-10 15:42 - 2015-01-10 15:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2015-01-10 15:40 - 2015-01-10 15:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-01-10 15:35 - 2015-01-17 16:31 - 00000504 _____ () C:\Windows\setupact.log
2015-01-10 15:35 - 2015-01-17 00:12 - 00602114 _____ () C:\Windows\PFRO.log
2015-01-10 15:35 - 2015-01-10 15:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-10 15:33 - 2015-01-10 15:28 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-10 15:33 - 2015-01-10 15:28 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-10 15:33 - 2015-01-10 15:28 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-10 15:33 - 2015-01-10 15:28 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-10 15:25 - 2015-01-10 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-10 15:25 - 2015-01-10 15:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 15:25 - 2015-01-10 15:39 - 00000000 ____D () C:\ProgramData\Avira
2015-01-10 15:25 - 2015-01-10 15:25 - 00002078 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-10 00:03 - 2015-01-10 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-10 00:02 - 2015-01-10 00:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-10 00:02 - 2015-01-10 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-09 15:15 - 2015-01-09 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-01-09 15:12 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\fd59143e-f9fb-4c93-b8bb-7348f6ed0cf4
2015-01-09 15:12 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\55f2ef46-9093-4660-b783-cd4eeb124d97
2015-01-09 15:11 - 2015-01-17 16:32 - 00001332 _____ () C:\Windows\Tasks\PRHSC.job
2015-01-09 15:11 - 2015-01-09 15:12 - 00004354 _____ () C:\Windows\System32\Tasks\PRHSC
2015-01-09 15:10 - 2015-01-09 20:31 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-09 15:10 - 2015-01-09 15:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software
2015-01-09 15:10 - 2015-01-09 15:10 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software
2015-01-09 15:09 - 2015-01-17 16:32 - 00001680 _____ () C:\Windows\Tasks\OGHJMXG.job
2015-01-09 15:09 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\19eda80f-f751-44ff-b105-8efb6aae8bc8
2015-01-09 15:09 - 2015-01-09 15:09 - 00004702 _____ () C:\Windows\System32\Tasks\OGHJMXG
2015-01-06 20:38 - 2015-01-06 20:38 - 00000366 _____ () C:\Users\User\Downloads\launcher.settings
2015-01-06 20:38 - 2015-01-06 20:38 - 00000187 _____ () C:\Users\User\Downloads\eula.settings
2015-01-06 20:38 - 2015-01-06 20:38 - 00000000 ____D () C:\Users\User\Downloads\swtor
2015-01-06 20:38 - 2015-01-06 20:38 - 00000000 ____D () C:\Users\User\Downloads\Movies
2015-01-06 20:38 - 2015-01-06 20:38 - 00000000 ____D () C:\Users\User\Downloads\Assets
2015-01-06 20:37 - 2015-01-06 20:49 - 00000000 ____D () C:\Users\User\Downloads\bitraider
2015-01-06 20:37 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\User\Downloads\locales
2015-01-06 20:37 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\User\Downloads\EULAs
2015-01-06 20:37 - 2012-03-14 19:39 - 00010560 _____ () C:\Users\User\Downloads\eualas.version
2015-01-06 20:36 - 2015-01-06 20:37 - 18021088 _____ () C:\Users\User\Downloads\LauncherRepairUtilityP1.78.3a.exe
2015-01-06 20:15 - 2015-01-10 15:24 - 00000000 ____D () C:\Users\User\Documents\registry
2015-01-04 13:44 - 2015-01-04 13:44 - 00000000 ____D () C:\Users\User\Documents\Wolves
2015-01-04 13:40 - 2015-01-04 13:40 - 00000000 ____D () C:\Users\User\Documents\Aeternitas
2015-01-01 17:25 - 2015-01-01 17:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Doublefine
2014-12-30 14:29 - 2014-12-30 14:29 - 05994752 _____ (Wargaming.net ) C:\Users\User\Downloads\WoT_internet_install_eu.exe
2014-12-30 14:29 - 2014-12-30 14:29 - 00000777 _____ () C:\Users\User\Desktop\World of Tanks.lnk
2014-12-30 14:29 - 2014-12-30 14:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-12-23 19:36 - 2014-12-23 19:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-18 17:01 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 17:01 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 16:40 - 2011-05-07 00:46 - 01969389 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 16:40 - 2009-07-14 05:45 - 00032928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 16:40 - 2009-07-14 05:45 - 00032928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 16:36 - 2013-05-04 13:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-17 16:35 - 2013-10-31 21:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Raptr
2015-01-17 16:35 - 2013-09-09 20:56 - 00000000 ____D () C:\Users\User\AppData\Local\Overwolf
2015-01-17 16:35 - 2013-09-02 21:35 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-01-17 16:32 - 2014-06-14 14:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 16:32 - 2014-03-03 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2015-01-17 16:32 - 2013-02-28 17:56 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-01-17 16:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 02:23 - 2013-05-08 22:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2015-01-17 01:29 - 2013-05-04 13:06 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
2015-01-17 01:28 - 2014-06-14 14:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 01:25 - 2013-08-12 17:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 00:21 - 2014-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-17 00:10 - 2013-05-04 13:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-17 00:10 - 2012-03-13 10:15 - 00001001 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-17 00:00 - 2014-10-17 14:34 - 00000000 ____D () C:\Windows\Razer Core
2015-01-16 20:46 - 2014-02-11 18:20 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-16 15:43 - 2013-05-05 16:07 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-16 12:29 - 2013-05-04 13:06 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
2015-01-15 01:08 - 2013-08-15 18:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:59 - 2013-05-04 12:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:28 - 2014-09-01 10:29 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 21:27 - 2013-08-12 17:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:27 - 2013-08-12 17:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:27 - 2013-08-04 15:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 16:12 - 2014-08-30 08:37 - 00000002 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-10 18:50 - 2013-07-18 17:12 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2015-01-10 18:50 - 2013-07-18 17:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-10 15:47 - 2013-09-30 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-10 15:34 - 2013-05-17 23:26 - 00007612 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-01-10 12:55 - 2009-07-14 03:34 - 00000532 _____ () C:\Windows\win.ini
2015-01-09 16:11 - 2013-12-18 19:11 - 00000276 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-01-09 15:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-06 19:57 - 2014-05-02 18:46 - 00000000 ____D () C:\Windows\Minidump
2015-01-06 19:57 - 2013-06-29 16:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 14:29 - 2013-05-05 01:21 - 00000000 ____D () C:\Games
2014-12-24 23:03 - 2014-10-17 14:30 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-20 17:48 - 2013-05-06 07:32 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-12-20 02:26 - 2014-06-12 09:34 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-19 22:28 - 2014-06-13 12:49 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-19 19:19 - 2013-05-04 16:02 - 00000000 ____D () C:\ProgramData\Origin
2014-12-19 18:55 - 2013-05-04 16:02 - 00000000 ____D () C:\Program Files (x86)\Origin

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\User\AppData\Roaming\OGHJMXG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\User\AppData\Roaming\PRHSC
2013-12-18 19:11 - 2015-01-09 16:11 - 0000276 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-12-08 17:32 - 2014-12-08 17:32 - 0002071 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2013-05-17 23:26 - 2015-01-10 15:34 - 0007612 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-08-06 17:06 - 2014-08-06 17:06 - 0000000 _____ () C:\Users\User\AppData\Local\{4833967D-10F3-4B50-A480-F8BDEFC692BF}

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\System.Data.SQLitedfe27784-bc37-48f4-b50e-1d8b7f34482f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 03:07

==================== End Of Log ============================
--- --- ---


Und Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by User at 2015-01-17 16:42:33
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version:  - 11 bit studios)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.05 - TOSHIBA CORPORATION)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Company of Heroes 2 - Beta (HKLM-x32\...\Steam App 317170) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Curse Client (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Ge-Force (HKLM-x32\...\Ge-Force) (Version: 1.36.01.08 - iWebar) <==== ATTENTION
Ghost Recon Online (EU) (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\d8be6c3f847d7d92) (Version: 1.34.8140.2 - Ubisoft)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HQ-Video-Pro-2.1cV09.01 (HKLM-x32\...\HQ-Video-Pro-2.1cV09.01) (Version: 1.36.01.08 - HQ-VideoV09.01) <==== ATTENTION
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launchpad Enhanced (HKLM-x32\...\{BAA11826-70EF-4E44-9E97-8476793E022F}) (Version: 0.05.000 - SWGEmu)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
March of War (HKLM-x32\...\Steam App 234310) (Version:  - ISOTX)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MechWarrior Online (HKLM-x32\...\{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.104.0 - Overwolf Ltd.)
Parsec (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\a53dc3b81e52c50e) (Version: 1.0.0.53 - Parsec)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProconRulz Tool (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\fb97684529d370f0) (Version: 1.1.0.1 - ProconRulz Tool)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Ragnarok Online - Free to Play - European Version (HKLM-x32\...\Steam App 250740) (Version:  - Gravity Europe SAS)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Rugby 15 (HKLM-x32\...\Steam App 303820) (Version:  - HB Studios)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version:  - Crytek)
Shattered Horizon (HKLM-x32\...\Steam App 18110) (Version:  - Futuremark)
Sitecom WiFi USB adapter N300 Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - Sitecom Europe BV)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2529.2 - Hi-Rez Studios)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version:  - Little Green Men Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer 40,000: Kill Team (HKLM-x32\...\Steam App 275610) (Version:  - Nomad Games)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\CLSID\{cf79ccef-31d1-4d3d-9f10-62a379cca9aa}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

15-01-2015 00:58:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0564E61C-27E7-4037-955B-019E78B4F741} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0A8872E7-D4DA-47C5-AB46-41C3F7C6D6F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {0AE830F0-9F50-4EC4-9484-A7FF1B47C716} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {23A0B9DC-5C11-4267-AD41-A5A9AB8CF626} - System32\Tasks\PRHSC => C:\Users\User\AppData\Roaming\PRHSC.exe <==== ATTENTION
Task: {3695D0C4-0052-4FC1-BFEE-BE77915D1908} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {3B7156F7-A46E-4ACD-8ED6-E523974BD32D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {6151ED29-57A6-497B-A4A4-83244E7D790C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {6EA174DF-FCAB-46EB-A2BB-EBCDDBD05F43} - System32\Tasks\OGHJMXG => C:\Users\User\AppData\Roaming\OGHJMXG.exe <==== ATTENTION
Task: {7E6A66C1-733E-4E6A-BEBC-3CB3049033C4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {873D32DC-A26A-4414-A484-53ADA758A327} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {CD05EA32-0A73-40F7-8DEB-0596B3BC8748} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-12] (Overwolf LTD)
Task: {ED16BD68-D5BC-4097-97C8-8A5194394EF1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {F918C646-5924-43C6-8424-301BBE4FDF95} - System32\Tasks\User_Feed_Synchronization-{CADF73C4-3ADD-4156-86B5-A0B47B1A2ECF}
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OGHJMXG.job => C:\Users\User\AppData\Roaming\OGHJMXG.exe <==== ATTENTION
Task: C:\Windows\Tasks\PRHSC.job => C:\Users\User\AppData\Roaming\PRHSC.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2013-12-02 18:01 - 2014-07-12 20:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-05-07 01:07 - 2010-01-21 00:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 01:07 - 2010-01-21 00:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 01:07 - 2010-01-21 00:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 01:07 - 2010-01-21 00:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-10-10 13:29 - 2014-10-10 13:29 - 00016384 ____N () C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-06-23 13:57 - 2014-06-23 13:57 - 00035840 _____ () C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-10 13:29 - 2014-10-10 13:29 - 00099840 ____N () C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2014-11-20 09:23 - 2014-11-20 09:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-16 10:11 - 2015-01-15 07:43 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-01-16 10:11 - 2015-01-15 07:43 - 00185656 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-05-23 08:54 - 2014-05-23 08:54 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502DevProps.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\CoreAudioApi.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 38713856 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\libcef.DLL
2013-05-11 12:38 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\EnumDevLib.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-12-16 19:40 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 07:02 - 2014-11-20 07:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-12-16 19:40 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 00514528 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\libglesv2.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 00105952 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\libegl.dll
2015-01-16 16:31 - 2015-01-09 01:35 - 01077064 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 16:31 - 2015-01-09 01:35 - 00211272 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 16:31 - 2015-01-09 01:35 - 09009480 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 16:31 - 2015-01-09 01:35 - 01677128 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SPDRIVER_1463.0.0.0
Description: SPDRIVER_1463.0.0.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SPDRIVER_1463.0.0.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 04:40:40 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (01/17/2015 04:32:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 01:28:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (01/17/2015 00:28:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (01/17/2015 04:37:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (01/17/2015 04:31:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1463.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/17/2015 04:31:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (01/17/2015 04:40:40 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (01/17/2015 04:32:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 01:28:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/17/2015 00:28:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 46%
Total physical RAM: 8173.55 MB
Available physical RAM: 4398.74 MB
Total Pagefile: 16345.29 MB
Available Pagefile: 11800.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:128.05 GB) NTFS
Drive d: (49232_49233) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 477201BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 17.01.2015 20:03
Hi, so geht's weiter... ;)

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
File: C:\Users\User\AppData\Roaming\PRHSC.exe
C:\Users\User\AppData\Roaming\PRHSC.exe
File: C:\Users\User\AppData\Roaming\OGHJMXG.exe
C:\Users\User\AppData\Roaming\OGHJMXG.exe
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Task: {23A0B9DC-5C11-4267-AD41-A5A9AB8CF626} - System32\Tasks\PRHSC => C:\Users\User\AppData\Roaming\PRHSC.exe <==== ATTENTION
Task: {6EA174DF-FCAB-46EB-A2BB-EBCDDBD05F43} - System32\Tasks\OGHJMXG => C:\Users\User\AppData\Roaming\OGHJMXG.exe <==== ATTENTION
Task: {7E6A66C1-733E-4E6A-BEBC-3CB3049033C4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {ED16BD68-D5BC-4097-97C8-8A5194394EF1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\Windows\Tasks\OGHJMXG.job => C:\Users\User\AppData\Roaming\OGHJMXG.exe <==== ATTENTION
Task: C:\Windows\Tasks\PRHSC.job => C:\Users\User\AppData\Roaming\PRHSC.exe <==== ATTENTION
2015-01-09 15:15 - 2015-01-09 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-01-09 15:12 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\fd59143e-f9fb-4c93-b8bb-7348f6ed0cf4
2015-01-09 15:12 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\55f2ef46-9093-4660-b783-cd4eeb124d97
2015-01-09 15:11 - 2015-01-17 16:32 - 00001332 _____ () C:\Windows\Tasks\PRHSC.job
2015-01-09 15:11 - 2015-01-09 15:12 - 00004354 _____ () C:\Windows\System32\Tasks\PRHSC
2015-01-09 15:10 - 2015-01-09 20:31 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-09 15:10 - 2015-01-09 15:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software
2015-01-09 15:10 - 2015-01-09 15:10 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software
2015-01-09 15:09 - 2015-01-17 16:32 - 00001680 _____ () C:\Windows\Tasks\OGHJMXG.job
2015-01-09 15:09 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\19eda80f-f751-44ff-b105-8efb6aae8bc8
2015-01-09 15:09 - 2015-01-09 15:09 - 00004702 _____ () C:\Windows\System32\Tasks\OGHJMXG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1000 -> DefaultScope {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {46C74900-0019-4AFB-B7D9-3770D5319FEB} URL = hxxp://searchou.com/?q={searchTerms}&id=6cae971d000000000000902b34a9276f&affilt=5&r=698
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} URL = hxxp://websear
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Bitte poste mir die Fixlog.txt.



Schritt 2

Bitte deinstalliere folgende Programme:

Ge-Force
Google Update Helper
HQ-Video-Pro-2.1cV09.01
YAC


Versuche es bei Windows 7 http://deeprybka.trojaner-board.de/b...ne/revo/w7.png zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.pnghier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 3

Echtzeitschutz des Virenscanners abschalten.

http://www.deeprybka.trojaner-board.de/zoek/avira.gif

Schritt 4
Download von https://sites.google.com/site/canned...b27e2-Zoek.png ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    filesrcm;
    systemspecs;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.

    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.

KDTMaster 18.01.2015 00:47
Alles ausgeführt ;)
Hier die Logs.


frst fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by User at 2015-01-17 23:42:58 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
File: C:\Users\User\AppData\Roaming\PRHSC.exe
C:\Users\User\AppData\Roaming\PRHSC.exe
File: C:\Users\User\AppData\Roaming\OGHJMXG.exe
C:\Users\User\AppData\Roaming\OGHJMXG.exe
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Task: {23A0B9DC-5C11-4267-AD41-A5A9AB8CF626} - System32\Tasks\PRHSC => C:\Users\User\AppData\Roaming\PRHSC.exe <==== ATTENTION
Task: {6EA174DF-FCAB-46EB-A2BB-EBCDDBD05F43} - System32\Tasks\OGHJMXG => C:\Users\User\AppData\Roaming\OGHJMXG.exe <==== ATTENTION
Task: {7E6A66C1-733E-4E6A-BEBC-3CB3049033C4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {ED16BD68-D5BC-4097-97C8-8A5194394EF1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\Windows\Tasks\OGHJMXG.job => C:\Users\User\AppData\Roaming\OGHJMXG.exe <==== ATTENTION
Task: C:\Windows\Tasks\PRHSC.job => C:\Users\User\AppData\Roaming\PRHSC.exe <==== ATTENTION
2015-01-09 15:15 - 2015-01-09 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-01-09 15:12 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\fd59143e-f9fb-4c93-b8bb-7348f6ed0cf4
2015-01-09 15:12 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\55f2ef46-9093-4660-b783-cd4eeb124d97
2015-01-09 15:11 - 2015-01-17 16:32 - 00001332 _____ () C:\Windows\Tasks\PRHSC.job
2015-01-09 15:11 - 2015-01-09 15:12 - 00004354 _____ () C:\Windows\System32\Tasks\PRHSC
2015-01-09 15:10 - 2015-01-09 20:31 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-09 15:10 - 2015-01-09 15:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software
2015-01-09 15:10 - 2015-01-09 15:10 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software
2015-01-09 15:09 - 2015-01-17 16:32 - 00001680 _____ () C:\Windows\Tasks\OGHJMXG.job
2015-01-09 15:09 - 2015-01-10 18:50 - 00000000 ____D () C:\Program Files (x86)\19eda80f-f751-44ff-b105-8efb6aae8bc8
2015-01-09 15:09 - 2015-01-09 15:09 - 00004702 _____ () C:\Windows\System32\Tasks\OGHJMXG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1000 -> DefaultScope {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {46C74900-0019-4AFB-B7D9-3770D5319FEB} URL = hxxp://searchou.com/?q={searchTerms}&id=6cae971d000000000000902b34a9276f&affilt=5&r=698
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} URL = hxxp://websear
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com
*****************

Processes closed successfully.

========================= File: C:\Users\User\AppData\Roaming\PRHSC.exe ========================

"C:\Users\User\AppData\Roaming\PRHSC.exe" not found.
====== End Of File: ======

"C:\Users\User\AppData\Roaming\PRHSC.exe" => File/Directory not found.

========================= File: C:\Users\User\AppData\Roaming\OGHJMXG.exe ========================

"C:\Users\User\AppData\Roaming\OGHJMXG.exe" not found.
====== End Of File: ======

"C:\Users\User\AppData\Roaming\OGHJMXG.exe" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23A0B9DC-5C11-4267-AD41-A5A9AB8CF626}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A0B9DC-5C11-4267-AD41-A5A9AB8CF626}" => Key deleted successfully.
C:\Windows\System32\Tasks\PRHSC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PRHSC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EA174DF-FCAB-46EB-A2BB-EBCDDBD05F43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EA174DF-FCAB-46EB-A2BB-EBCDDBD05F43}" => Key deleted successfully.
C:\Windows\System32\Tasks\OGHJMXG => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OGHJMXG" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E6A66C1-733E-4E6A-BEBC-3CB3049033C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6A66C1-733E-4E6A-BEBC-3CB3049033C4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED16BD68-D5BC-4097-97C8-8A5194394EF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED16BD68-D5BC-4097-97C8-8A5194394EF1}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
C:\Windows\Tasks\OGHJMXG.job => Moved successfully.
C:\Windows\Tasks\PRHSC.job => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream => Moved successfully.
C:\Program Files (x86)\fd59143e-f9fb-4c93-b8bb-7348f6ed0cf4 => Moved successfully.
C:\Program Files (x86)\55f2ef46-9093-4660-b783-cd4eeb124d97 => Moved successfully.
"C:\Windows\Tasks\PRHSC.job" => File/Directory not found.
"C:\Windows\System32\Tasks\PRHSC" => File/Directory not found.
C:\Program Files (x86)\Opera => Moved successfully.
C:\Users\User\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\User\AppData\Local\Opera Software => Moved successfully.
"C:\Windows\Tasks\OGHJMXG.job" => File/Directory not found.
C:\Program Files (x86)\19eda80f-f751-44ff-b105-8efb6aae8bc8 => Moved successfully.
"C:\Windows\System32\Tasks\OGHJMXG" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46C74900-0019-4AFB-B7D9-3770D5319FEB} => Key could not be deleted.
HKCR\CLSID\{46C74900-0019-4AFB-B7D9-3770D5319FEB} => Key not found.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} => Key could not be deleted.
HKCR\CLSID\{AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key could not be deleted.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key could not be deleted.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Chrome StartupUrls deleted successfully.


The system needed a reboot.

==== End of Fixlog 23:43:11 ====
zoek:

Code:
Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by User on 18.01.2015 at  0:07:00,08.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.01.2015 00:08:14 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MeteorEntertainment deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\User\AppData\Local\Solid State Networks deleted successfully
C:\Users\User\AppData\Local\VirtualStore deleted successfully
C:\Users\User\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11451926-1C6C-4E15-BB90-7CD9395D276B} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11451926-1C6C-4E15-BB90-7CD9395D276B} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15CADE95-A53C-436C-B711-8596322BDD53} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15CADE95-A53C-436C-B711-8596322BDD53} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18A667EF-13CE-4F1F-B9F0-939657A5F5EA} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18A667EF-13CE-4F1F-B9F0-939657A5F5EA} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A611011-E50C-4376-9A31-2355211244EB} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A611011-E50C-4376-9A31-2355211244EB} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F75B472-7F24-4C12-B8CB-E233C68E5C} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F75B472-7F24-4C12-B8CB-E233C68E5C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F97527B-7F58-412A-AD6C-ED996254A92} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F97527B-7F58-412A-AD6C-ED996254A92} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FB6B4AF-6E39-4984-832E-7EAEE16A931D} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FB6B4AF-6E39-4984-832E-7EAEE16A931D} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21626F3E-34BB-43E0-8FCD-812C1294F4DF} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21626F3E-34BB-43E0-8FCD-812C1294F4DF} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25684B00-5749-4069-B385-211953604431} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25684B00-5749-4069-B385-211953604431} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25CE6742-BA0C-4C7D-ABBB-FD505B88952} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25CE6742-BA0C-4C7D-ABBB-FD505B88952} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C3E7F83-3BB7-4275-BB51-1197802DCAA9} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C3E7F83-3BB7-4275-BB51-1197802DCAA9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{365EF3B5-AC2F-4D2D-A037-621D603E3B18} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{365EF3B5-AC2F-4D2D-A037-621D603E3B18} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37D42984-7A68-48D9-93E2-8FA1873E4F78} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37D42984-7A68-48D9-93E2-8FA1873E4F78} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DDFB159-1B6A-43BA-85FC-E5C0E8C2A4D6} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DDFB159-1B6A-43BA-85FC-E5C0E8C2A4D6} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40F62236-FAB4-46AA-B369-C86563DE0B} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40F62236-FAB4-46AA-B369-C86563DE0B} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{454FD99F-5-41F2-BBBC-372F4EDA86F} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{454FD99F-5-41F2-BBBC-372F4EDA86F} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{482E6902-E54C-4B4F-8B27-860FC689C16} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{482E6902-E54C-4B4F-8B27-860FC689C16} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DD02CF-EC33-4DFE-B7DF-BBE7C64536D} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DD02CF-EC33-4DFE-B7DF-BBE7C64536D} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F30DCD4-3018-45EB-BA6F-553179EF8147} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F30DCD4-3018-45EB-BA6F-553179EF8147} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F37061C-964D-4F86-8721-A2419F4DF373} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F37061C-964D-4F86-8721-A2419F4DF373} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{517CDEE3-7D5C-48E8-BA86-68FD8F8D2E2} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{517CDEE3-7D5C-48E8-BA86-68FD8F8D2E2} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{547BEB08-F1DF-4056-9C7E-E1DB7019779E} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{547BEB08-F1DF-4056-9C7E-E1DB7019779E} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562420C7-23C5-4E28-BB16-4464BAFF219} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562420C7-23C5-4E28-BB16-4464BAFF219} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{567722EF-EBF2-44FE-AA78-A494315EC580} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{567722EF-EBF2-44FE-AA78-A494315EC580} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5876C606-2EC7-4C4C-96F9-FD679A755C34} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5876C606-2EC7-4C4C-96F9-FD679A755C34} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5953D8C3-41D8-46BC-AB86-A58739F0343D} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5953D8C3-41D8-46BC-AB86-A58739F0343D} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C50F2FC-F04D-4E14-8B73-964F214A6343} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C50F2FC-F04D-4E14-8B73-964F214A6343} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D7EBBD7-ADBF-4B22-8642-DF1343DA9989} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D7EBBD7-ADBF-4B22-8642-DF1343DA9989} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6323FE7A-80D0-448A-933E-C4BDD18344D} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6323FE7A-80D0-448A-933E-C4BDD18344D} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64CFC105-B351-441D-B5BA-3AA3E5112C7E} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64CFC105-B351-441D-B5BA-3AA3E5112C7E} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65AB3DFE-C45F-49FF-8427-8A52B8833BCC} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65AB3DFE-C45F-49FF-8427-8A52B8833BCC} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67595CE4-73C8-44AF-89B0-F3C2996BEE5C} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67595CE4-73C8-44AF-89B0-F3C2996BEE5C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C8F9F6-1C3C-4158-835-5A6F52B492AD} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C8F9F6-1C3C-4158-835-5A6F52B492AD} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F33E942-91D9-4DB2-8532-7B80E3254DC0} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F33E942-91D9-4DB2-8532-7B80E3254DC0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74F1ABD7-2CA1-46D2-8C2A-F363736BE3} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74F1ABD7-2CA1-46D2-8C2A-F363736BE3} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75BE1AEA-FC75-452F-9DAC-2074CE1677A3} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75BE1AEA-FC75-452F-9DAC-2074CE1677A3} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75E794D5-C62-4AD9-BCAF-F0D4815AC4F0} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75E794D5-C62-4AD9-BCAF-F0D4815AC4F0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1B6ED8-939B-4F88-8D0-59A29B7C1C66} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1B6ED8-939B-4F88-8D0-59A29B7C1C66} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89B346D9-FCDA-435E-A47A-E9A08BB281FA} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89B346D9-FCDA-435E-A47A-E9A08BB281FA} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AFD2BA1-CD7F-46B2-B217-699278F313D} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AFD2BA1-CD7F-46B2-B217-699278F313D} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9176D713-2D45-4E23-84F3-25D6C01C78CC} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9176D713-2D45-4E23-84F3-25D6C01C78CC} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DFE36FD-E920-4BD5-8751-A9493A2761D6} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DFE36FD-E920-4BD5-8751-A9493A2761D6} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2B42C64-9712-4557-A9B5-D0E6DE44FF4F} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2B42C64-9712-4557-A9B5-D0E6DE44FF4F} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5621B71-E5FF-4897-A6B-8A63C318897C} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5621B71-E5FF-4897-A6B-8A63C318897C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A77F910F-AE40-4BCB-B547-5C9A2122D472} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A77F910F-AE40-4BCB-B547-5C9A2122D472} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9E419E6-9E9A-4533-A47-48E851488C1B} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9E419E6-9E9A-4533-A47-48E851488C1B} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABA99D17-77C2-4D79-A524-6D652ACBB5E} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABA99D17-77C2-4D79-A524-6D652ACBB5E} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2EA8B9-8115-4280-9392-8F66BFBA4} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2EA8B9-8115-4280-9392-8F66BFBA4} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBC5B525-3EE6-4CEC-914F-37A93D43499} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBC5B525-3EE6-4CEC-914F-37A93D43499} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC0B24BF-4C49-4C41-8750-DDF1C8618E5} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC0B24BF-4C49-4C41-8750-DDF1C8618E5} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD7488D0-6ED0-49AB-B1E6-2F334F81BF9} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD7488D0-6ED0-49AB-B1E6-2F334F81BF9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3222B50-9C1D-4F17-B0C7-91A7DE10655E} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3222B50-9C1D-4F17-B0C7-91A7DE10655E} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C73E662F-DFED-45F2-ADA2-717F787B7E60} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C73E662F-DFED-45F2-ADA2-717F787B7E60} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8598070-4E91-42B1-AD98-5389C1EE3FF9} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8598070-4E91-42B1-AD98-5389C1EE3FF9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF366756-FF15-4F1D-96C9-42517BE1BDA0} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF366756-FF15-4F1D-96C9-42517BE1BDA0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B6AD05-3C8C-420D-8824-A22AD3E47C} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B6AD05-3C8C-420D-8824-A22AD3E47C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7582165-83ED-4EFF-8699-F7E3BCA3B659} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7582165-83ED-4EFF-8699-F7E3BCA3B659} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD49A0D1-E4EF-400E-BA3B-46B43010BFF9} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD49A0D1-E4EF-400E-BA3B-46B43010BFF9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7F4E20A-B473-489F-BAEE-C31B2C57B3D4} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7F4E20A-B473-489F-BAEE-C31B2C57B3D4} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF53AD77-109E-44B0-83F0-96BBEA9E7877} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF53AD77-109E-44B0-83F0-96BBEA9E7877} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0CFDAC5-4370-4B27-BDB8-D862A2282F78} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0CFDAC5-4370-4B27-BDB8-D862A2282F78} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2C80823-1BFA-4D8C-B1D0-3011A4C6D3A4} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2C80823-1BFA-4D8C-B1D0-3011A4C6D3A4} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4C47F09-9A41-497F-A46-B76F5033571C} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4C47F09-9A41-497F-A46-B76F5033571C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F644D8D9-54CE-47F7-A045-9A3BEADBD333} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F644D8D9-54CE-47F7-A045-9A3BEADBD333} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07be9b1a-5de0-4115-b212-7f7bca1eee1c} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e662a0a-4653-45a0-99ba-4f3a9ab46cf3} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{298d2c76-09e1-461e-a899-87eaad0d5a25} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{478c2ed4-7117-4d9b-875f-c1cdc08114d6} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6dd9d60e-2ef4-4cb1-91b1-a83bb2e480b4} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7e675753-74ca-4dde-93df-6ae14686e4be} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9076b01c-f54e-4596-af60-cd4fd738b10a} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cbf24cc4-88ca-4466-8889-b20e66c924bb} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d7d209c2-00e7-4699-9356-81b86fb6bd92} deleted successfully
HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9765fc5-4089-4641-83d2-204f5754a50b} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07be9b1a-5de0-4115-b212-7f7bca1eee1c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e662a0a-4653-45a0-99ba-4f3a9ab46cf3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{298d2c76-09e1-461e-a899-87eaad0d5a25} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{478c2ed4-7117-4d9b-875f-c1cdc08114d6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6dd9d60e-2ef4-4cb1-91b1-a83bb2e480b4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7e675753-74ca-4dde-93df-6ae14686e4be} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9076b01c-f54e-4596-af60-cd4fd738b10a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cbf24cc4-88ca-4466-8889-b20e66c924bb} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d7d209c2-00e7-4699-9356-81b86fb6bd92} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9765fc5-4089-4641-83d2-204f5754a50b} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Common Files\System\SysMenu.dll deleted
C:\Program Files\Common Files\System\SysMenu64.dll deleted
C:\install.exe deleted
C:\Users\User\AppData\Roaming\WB.CFG deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\User\AppData\Local\avgchrome deleted
C:\Users\User\AppData\LocalLow\boost_interprocess deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\K3vy4jQB.default\extensions\abs@avira.com deleted
"C:\Users\User\AppData\Local\{4833967D-10F3-4B50-A480-F8BDEFC692BF}" deleted
"C:\Users\User\AppData\Roaming\OGHJMXG" deleted
"C:\Users\User\AppData\Roaming\PRHSC" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8174 MB
CPU Info: AMD FX(tm)-6100 Six-Core Processor
CPU Speed: 3312,3 MHz
Sound Card: Kopfhörer (Razer Kraken USB) |
Display Adapters: AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; PnP-Monitor (Standard) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Hamachi Network Interface
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH24NS72
Ports: COM1 | COM6 | COM7 | COM10 | COM11 | COM12 | COM13 | COM14 | COM20 | COM21 | COM22 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  931,4GB
Hard Disks - Free: C:  135,7GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 03/20/12 | GBT    - 42302e31
Time Zone: Mitteleuropäische Zeit
Motherboard *: Gigabyte Technology Co., Ltd. GA-78LMT-S2P
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17501
Google Chrome version: 39.0.2171.99
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 16.0.0.257

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\User\AppData\Local\Temp ====
2015-01-16 23:21:52        E0DC8C6BBC787B972A9A468648DBFD85        1008128        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-16 23:21:52        D202BAA425176287017FFE1FB5D1B77C        103424        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\libintl3.dll
2015-01-16 23:21:52        57CAC848FA14AE38F14F9441F8933282        140288        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\pcre3.dll
2015-01-16 23:21:52        547C43567AB8C08EB30F6C6BACB479A3        79360        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\regex2.dll
2015-01-16 23:21:52        2E0323A94915FAAB10A25F3BABF82584        157696        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-16 22:41:13        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\4z_ask.exe
2015-01-16 22:41:13        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\eshellctx64.dll
2015-01-16 22:41:13        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\winzipersvc.exe
2015-01-16 22:41:13        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\ouilibnl.dll
2015-01-16 22:41:13        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\dup.exe
2015-01-16 22:41:13        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\ebase.dll
2015-01-16 22:41:13        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\airzip_ws.exe
2015-01-16 22:41:13        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\WinZipper.exe
2015-01-16 22:41:13        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\{A0C2F221-7B84-4E50-8AD8-A140BE901BD4}\OmigaZip_patch\eshellctx.dll
2015-01-16 22:41:12        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{10BC1BAE-5E76-47AD-8096-B4D4C4588E48}\yac.exe
2015-01-16 21:41:48        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\4z_ask.exe
2015-01-16 21:41:48        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\eshellctx64.dll
2015-01-16 21:41:48        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\winzipersvc.exe
2015-01-16 21:41:48        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\ouilibnl.dll
2015-01-16 21:41:48        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\dup.exe
2015-01-16 21:41:48        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\ebase.dll
2015-01-16 21:41:48        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\airzip_ws.exe
2015-01-16 21:41:48        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\WinZipper.exe
2015-01-16 21:41:48        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\{D801EFB7-9F98-4832-A834-6628929F7F89}\OmigaZip_patch\eshellctx.dll
2015-01-16 21:41:47        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{DCB7D2C6-653E-425B-B146-B246581636C9}\yac.exe
2015-01-16 20:42:58        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\4z_ask.exe
2015-01-16 20:42:58        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\eshellctx64.dll
2015-01-16 20:42:58        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\winzipersvc.exe
2015-01-16 20:42:58        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\ouilibnl.dll
2015-01-16 20:42:58        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\dup.exe
2015-01-16 20:42:58        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\ebase.dll
2015-01-16 20:42:58        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\airzip_ws.exe
2015-01-16 20:42:58        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\WinZipper.exe
2015-01-16 20:42:58        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\{8151E8B8-94C2-4095-AA69-7A774DEAE6B3}\OmigaZip_patch\eshellctx.dll
2015-01-16 20:42:57        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{C7C0E35E-BB6A-47B4-826E-7534DA0D0500}\yac.exe
2015-01-16 19:42:23        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\4z_ask.exe
2015-01-16 19:42:23        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\eshellctx64.dll
2015-01-16 19:42:23        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\winzipersvc.exe
2015-01-16 19:42:23        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\ouilibnl.dll
2015-01-16 19:42:23        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\dup.exe
2015-01-16 19:42:23        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\ebase.dll
2015-01-16 19:42:23        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\airzip_ws.exe
2015-01-16 19:42:23        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\yac.exe
2015-01-16 19:42:23        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\WinZipper.exe
2015-01-16 19:42:23        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{68235218-32DA-4EEC-8F09-35DD2F4CCE82}\{3EC264E8-BA24-4B31-A2EA-FB8C78C07403}\OmigaZip_patch\eshellctx.dll
2015-01-16 18:44:06        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\4z_ask.exe
2015-01-16 18:44:06        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\eshellctx64.dll
2015-01-16 18:44:06        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\winzipersvc.exe
2015-01-16 18:44:06        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\ouilibnl.dll
2015-01-16 18:44:06        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\dup.exe
2015-01-16 18:44:06        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\ebase.dll
2015-01-16 18:44:06        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\airzip_ws.exe
2015-01-16 18:44:06        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\WinZipper.exe
2015-01-16 18:44:06        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\{AEB40A98-3F9F-4AB9-B88E-3BF78313ABA9}\OmigaZip_patch\eshellctx.dll
2015-01-16 18:44:05        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{B43FD302-598A-476E-9EA6-B70F6B95562D}\yac.exe
2015-01-16 17:13:55        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\4z_ask.exe
2015-01-16 17:13:55        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\eshellctx64.dll
2015-01-16 17:13:55        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\winzipersvc.exe
2015-01-16 17:13:55        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\ouilibnl.dll
2015-01-16 17:13:55        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\dup.exe
2015-01-16 17:13:55        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\ebase.dll
2015-01-16 17:13:55        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\airzip_ws.exe
2015-01-16 17:13:55        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\WinZipper.exe
2015-01-16 17:13:55        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\{407B54FF-105D-4F05-B56A-F7ED506EB00C}\OmigaZip_patch\eshellctx.dll
2015-01-16 17:13:54        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{3ECE6008-581A-4A9A-B783-B1A53C484022}\yac.exe
2015-01-16 16:12:17        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\4z_ask.exe
2015-01-16 16:12:17        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\eshellctx64.dll
2015-01-16 16:12:17        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\winzipersvc.exe
2015-01-16 16:12:17        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\ouilibnl.dll
2015-01-16 16:12:17        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\dup.exe
2015-01-16 16:12:17        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\ebase.dll
2015-01-16 16:12:17        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\airzip_ws.exe
2015-01-16 16:12:17        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\yac.exe
2015-01-16 16:12:17        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\WinZipper.exe
2015-01-16 16:12:17        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{4FE2F5E4-C94E-4E93-8EAB-55AE1C7C5E17}\{0E3AE550-3499-465C-8E0D-CAD67E4D9CE9}\OmigaZip_patch\eshellctx.dll
2015-01-16 15:12:44        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\eshellctx64.dll
2015-01-16 15:12:44        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\ouilibnl.dll
2015-01-16 15:12:44        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\ebase.dll
2015-01-16 15:12:44        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\eshellctx.dll
2015-01-16 15:12:43        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\4z_ask.exe
2015-01-16 15:12:43        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\winzipersvc.exe
2015-01-16 15:12:43        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\dup.exe
2015-01-16 15:12:43        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\airzip_ws.exe
2015-01-16 15:12:43        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\yac.exe
2015-01-16 15:12:43        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{34E46094-C99A-4189-AAD1-E2BE82861F04}\{C5535C06-4B46-4272-9518-47BC28E8583B}\OmigaZip_patch\WinZipper.exe
2015-01-16 14:11:19        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\4z_ask.exe
2015-01-16 14:11:19        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\eshellctx64.dll
2015-01-16 14:11:19        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\winzipersvc.exe
2015-01-16 14:11:19        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\ouilibnl.dll
2015-01-16 14:11:19        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\dup.exe
2015-01-16 14:11:19        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\ebase.dll
2015-01-16 14:11:19        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\airzip_ws.exe
2015-01-16 14:11:19        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\WinZipper.exe
2015-01-16 14:11:19        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\{E03EB68D-3180-4AAF-B3DC-5A9F197359DE}\OmigaZip_patch\eshellctx.dll
2015-01-16 14:11:18        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{2F482F11-03FF-4CEE-9E00-8491E2891356}\yac.exe
2015-01-16 12:11:10        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\eshellctx64.dll
2015-01-16 12:11:10        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\winzipersvc.exe
2015-01-16 12:11:10        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\ouilibnl.dll
2015-01-16 12:11:10        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\dup.exe
2015-01-16 12:11:10        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\ebase.dll
2015-01-16 12:11:10        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\airzip_ws.exe
2015-01-16 12:11:10        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\WinZipper.exe
2015-01-16 12:11:10        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\eshellctx.dll
2015-01-16 12:11:09        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\{BB3BCCAF-15DB-4632-9C7B-61DEFF16D24E}\OmigaZip_patch\4z_ask.exe
2015-01-16 12:11:08        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{58857C73-9C24-4E4C-80C0-156621432455}\yac.exe
2015-01-16 11:11:44        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\4z_ask.exe
2015-01-16 11:11:44        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\eshellctx64.dll
2015-01-16 11:11:44        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\winzipersvc.exe
2015-01-16 11:11:44        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\ouilibnl.dll
2015-01-16 11:11:44        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\dup.exe
2015-01-16 11:11:44        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\ebase.dll
2015-01-16 11:11:44        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\airzip_ws.exe
2015-01-16 11:11:44        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\yac.exe
2015-01-16 11:11:44        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\WinZipper.exe
2015-01-16 11:11:44        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{D9678152-5851-4C48-9530-8FAD07F9B307}\{EEBD66D4-FB3F-480C-BC94-153BFFA03937}\OmigaZip_patch\eshellctx.dll
2015-01-16 10:11:25        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\4z_ask.exe
2015-01-16 10:11:25        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\eshellctx64.dll
2015-01-16 10:11:25        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\winzipersvc.exe
2015-01-16 10:11:25        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\ouilibnl.dll
2015-01-16 10:11:25        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\dup.exe
2015-01-16 10:11:25        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\ebase.dll
2015-01-16 10:11:25        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\airzip_ws.exe
2015-01-16 10:11:25        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\WinZipper.exe
2015-01-16 10:11:25        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\{E674CB33-7D58-49C5-8E78-FAF9075047FF}\OmigaZip_patch\eshellctx.dll
2015-01-16 10:11:24        251827E06A9F1E0A2263D8950E622465        14342932        ----a-w-        C:\Users\User\AppData\Local\Temp\{D646770A-2E22-46E9-82C9-2439EC56F097}\yac.exe
2015-01-16 09:10:47        F3EB31F6051EA6F7BC6ECB3028940216        1072816        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\4z_ask.exe
2015-01-16 09:10:47        A1F72D2459D7C52AB6AE3D98784EAB8A        150192        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\eshellctx64.dll
2015-01-16 09:10:47        88AA346AC02A605CCDEDFE5A60201F9D        424624        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\winzipersvc.exe
2015-01-16 09:10:47        7A5B6C1DBB60F848D5CAD4B62167058B        1647792        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\ouilibnl.dll
2015-01-16 09:10:47        77909F730D8B052AC1BA3045EE76D36F        261808        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\dup.exe
2015-01-16 09:10:47        45545B2C9E83489252EB160577AAB5D3        726192        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\ebase.dll
2015-01-16 09:10:47        2CD84058264D8B04EE7AD18BA439692C        1389232        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\airzip_ws.exe
2015-01-16 09:10:47        10F28D475615F1117C2E8F062E14A0C4        506544        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\WinZipper.exe
2015-01-16 09:10:47        0F7663FEC490C79EF52827C4D7F1C490        73904        ----a-w-        C:\Users\User\AppData\Local\Temp\{53500C6D-9FF5-4747-B864-84F9C73E55A5}\{5BCE3F55-56BD-4EF1-BA5E-C869120AD50B}\OmigaZip_patch\eshellctx.dll
2015-01-10 14:39:37        ACB9D7D2701157A49512105C54D5F434        52528        ----a-w-        C:\Users\User\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2015-01-09 14:44:43        006CC8260405E231C2006A0CEA2127FD        1053184        ----a-w-        C:\Users\User\AppData\Local\Temp\System.Data.SQLitedfe27784-bc37-48f4-b50e-1d8b7f34482f.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-14 11:03:33        FE48346938C1CDDDF4E4097DB9B99764        52224        ----a-w-        C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:03:33        92940397DFFB4D237EA5BB22FF912BDC        156672        ----a-w-        C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:03:19        8A289EF0AE709327D6AA9769E108B5A6        3916728        ----a-w-        C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:03:19        2AF481C03C0383ADE09FFEDA0C583140        3971512        ----a-w-        C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:03:17        9606307F5E1EABA98ACB61206EFC2127        43008        ----a-w-        C:\Windows\SysWOW64\srclient.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-14 11:03:35        5B9954AE9FD4682DADD5EBC0301366B0        52736        ----a-w-        C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-14 11:03:34        B6A58491307B4CADA572583D863DC602        210432        ----a-w-        C:\Windows\Sysnative\profsvc.dll
2015-01-14 11:03:33        8B301D474B478E9A92823BAB50A7BC49        303616        ----a-w-        C:\Windows\Sysnative\nlasvc.dll
2015-01-14 11:03:20        0A70B8D78AF95894E221DDAC6482DF6D        5553592        ----a-w-        C:\Windows\Sysnative\ntoskrnl.exe
2015-01-14 11:03:17        F4846789B3795F14DCB7D92ED1DAF74F        503808        ----a-w-        C:\Windows\Sysnative\srcore.dll
2015-01-14 11:03:17        DE595EACC79006E7B15B848BF0831E78        296960        ----a-w-        C:\Windows\Sysnative\rstrui.exe
2015-01-14 11:03:17        BA6D609BAB615991E8791CA1DFFD034C        50176        ----a-w-        C:\Windows\Sysnative\srclient.dll
====== C:\Windows\Sysnative\drivers =====
2015-01-16 22:40:10        26C43960C99EE861A5D0EDC4DCF3B1C3        129752        ----a-w-        C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-01-16 22:39:57        CA43F8904E24BBE49982E4C0B29E6579        25816        ----a-w-        C:\Windows\Sysnative\drivers\mbam.sys
2015-01-16 22:39:57        A646C2DDB8C46E9B20A326FAF566646C        63704        ----a-w-        C:\Windows\Sysnative\drivers\mwac.sys
2015-01-16 22:39:57        478CC94C937D235CB0A96AB8F2359D81        93400        ----a-w-        C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-01-16 09:11:28        8EE84CC87D67CE4DE7AF907CCA559F52        52392        ----a-w-        C:\Windows\Sysnative\drivers\iSafeNetFilter.sys
2015-01-14 11:03:31        AE3334958D8F631FF14A0AEB3D7EFB3A        141312        ----a-w-        C:\Windows\Sysnative\drivers\mrxdav.sys
2015-01-10 14:33:23        F627BFFCC52587350E49FC2C2A03C7F9        43064        ----a-w-        C:\Windows\Sysnative\drivers\avnetflt.sys
2015-01-10 14:33:23        AF61774060F277FE45CBD3A9A8E7D45A        131608        ----a-w-        C:\Windows\Sysnative\drivers\avipbb.sys
2015-01-10 14:33:23        390184FAD8FCC1B6DA25AEBAE928C3B6        28600        ----a-w-        C:\Windows\Sysnative\drivers\avkmgr.sys
2015-01-10 14:33:23        1B87A1F2FA5B91AC1A7D171B8D952441        119272        ----a-w-        C:\Windows\Sysnative\drivers\avgntflt.sys
====== C:\Windows\Tasks ======
2014-12-23 18:36:32        B63AD96D5AB77552EFDB7D2277C3B0CB        3886        ----a-w-        C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-09 23:02:53        --------        d-----w-        C:\Program Files\Microsoft Silverlight
======= C:\PROGRA~2 =====
2015-01-16 22:28:17        --------        d-----w-        C:\PROGRA~2\VS Revo Group
2015-01-16 09:11:07        --------        d-----w-        C:\PROGRA~2\Elex-tech
2015-01-10 14:25:34        --------        d-----w-        C:\PROGRA~2\Avira
2015-01-09 23:02:53        --------        d-----w-        C:\PROGRA~2\Microsoft Silverlight
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2015-01-17 15:35:49        --------        d-----w-        C:\Users\User\AppData\Roaming\VSRevoGroup
2015-01-17 15:32:13        --------        d-----w-        C:\Users\User\AppData\Roaming\Elex-tech
2015-01-16 22:28:17        --------        d-----w-        C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-01-10 14:42:56        --------        d-----w-        C:\Users\User\AppData\Roaming\Avira
2015-01-10 14:40:52        --------        d-----w-        C:\Users\User\AppData\Roaming\Mozilla
2015-01-01 16:25:18        --------        d-----w-        C:\Users\User\AppData\Roaming\Doublefine
2014-12-30 13:29:46        --------        d-----w-        C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
====== C:\Users\User ======
2015-01-17 15:39:52        AE6B51B8D801050A1A06273CAAB80D90        2125824        ----a-w-        C:\Users\User\Desktop\FRST64.exe
2015-01-16 23:29:29        8267403E31BB9BD538A46A293BA745A1        1156136        ----a-w-        C:\Users\User\Downloads\wpsetup.exe
2015-01-16 23:21:37        B9E1BF24EF01A82701B09BE75D294085        1707939        ----a-w-        C:\Users\User\Downloads\JRT.exe
2015-01-16 22:57:44        61CA40317EBF1254770BF8B495B3F8DA        2191360        ----a-w-        C:\Users\User\Downloads\AdwCleaner_4.107.exe
2015-01-16 22:39:10        3BD59D6C407AB1F6DDD7C5D9BD727469        20447072        ----a-w-        C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 22:27:44        4F99CAE27FFD46712E65C21444AACDFC        2623656        ----a-w-        C:\Users\User\Downloads\revosetup95.exe
2015-01-10 14:25:46        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-10 14:25:34        --------        d-----w-        C:\ProgramData\Avira
2015-01-09 23:03:44        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-06 19:36:28        73CD19CE19748D1D30302B759E413583        18021088        ----a-w-        C:\Users\User\Downloads\LauncherRepairUtilityP1.78.3a.exe

====== C: exe-files ==
2015-01-16 22:28:18        761102A9B90EC601E8B3071120063D74        87550        ----a-w-        C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
2015-01-16 09:11:19        C2FB1A7A054838C5F7A0B2223907745A        455080        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe
2015-01-16 09:11:18        FE25A115AB323AD8EAFFA3A26B286898        284968        ------w-        C:\Program Files (x86)\Elex-tech\YAC\isafeLottery.exe
2015-01-16 09:11:18        F97E3312669551E0D67D999912C89DF9        296744        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe
2015-01-16 09:11:18        F7C3243D78CE2E3F801DAC9041564B29        975272        ------w-        C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe
2015-01-16 09:11:18        E89FC1356E490E3C7C61457DD298AEA7        699176        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
2015-01-16 09:11:18        D8BC0BCC9F6CACC0E678CAEE234E5021        306984        ------w-        C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe
2015-01-16 09:11:18        D7B21880F8D316521755E02097E0CC3D        514344        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeVirusScanner.exe
2015-01-16 09:11:18        B97E05F0F93EDCDA1E5A03E2C62F545F        156520        ------w-        C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
2015-01-16 09:11:18        A11F42ED8D45DF96A0B69689DBBAC4BB        595240        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp.exe
2015-01-16 09:11:18        A03A95B389479B2ADE3A288FA2EA11D1        118048        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
2015-01-16 09:11:18        9318BD11C65457191BD9C37ECC7312AC        303912        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iStart.exe
2015-01-16 09:11:18        77ABE62B43A3D8B4395BC091EF3CEA39        354088        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
2015-01-16 09:11:18        6CC7906AFB51112CFC11C806158F8D84        409896        ------w-        C:\Program Files (x86)\Elex-tech\YAC\feedback.exe
2015-01-16 09:11:18        1EC45DC4F84777759EB6620325FCAD89        120128        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
2015-01-16 09:11:18        0CBBA02DFA000037AD16A506B8F02DE8        811304        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
2015-01-16 09:11:18        08E390FBBD23B035ECF4F2D813305BE0        605672        ------w-        C:\Program Files (x86)\Elex-tech\YAC\YacLuckySpin.exe
2015-01-15 13:49:58        F8FBB507054F06291AE779CACCAE206C        142901224        ----a-w-        C:\ProgramData\Overwolf\Setup\0.82.104.0\OverwolfSetup.exe
2015-01-14 19:17:22        A8189EBBCC7C856FC557C177190E4620        10693168        ----a-w-        C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
2015-01-14 03:16:24        12D475CADE6AB913E796B65F73348197        32178176        ----a-r-        C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\Binaries\Win32\Smite.exe
2015-01-13 16:15:38        48B1FEC0EE27A88D48DBA004C26E7EF0        10631216        ----a-w-        C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
2015-01-12 19:35:50        B793EE364D6E8955E6DC73DAE9CD1404        10694192        ----a-w-        C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
2015-01-12 14:06:18        F074FF8F735D9A576BA2576FFBC22190        111664        ----a-w-        C:\Program Files (x86)\Overwolf\OWUninstaller.exe
2015-01-12 14:06:16        D8E185AD4F879D922722137B85463C68        79600        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfBrowser.exe
2015-01-12 14:06:16        AE45727EE7A5809DC218634BCB3EBB0B        54512        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfCrashHandler.exe
2015-01-12 14:06:14        EBD315CD4E3D269AF40067A095DF25A3        998640        ----a-w-        C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
2015-01-12 14:06:14        C01CB14BAFD458AA4056E31A724EEC9F        181488        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\Purplizer\Purplizer.exe
2015-01-12 14:06:14        BD7000B586BB1C816CC86B83FD9AAAC7        194800        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfStore.exe
2015-01-12 14:06:14        AD4A81967723252AA3A55EB1F94E932C        40176        ----a-w-        C:\Program Files (x86)\Overwolf\Overwolf.exe
2015-01-12 14:06:14        A6110EE7165AE0DB9D111892449CE39B        54000        ----a-w-        C:\Program Files (x86)\Common Files\Overwolf\0.82.104.0\OverwolfHelper.exe
2015-01-12 14:06:14        5CF76F587A29F1BA74CEAEE1EA4BDA84        513776        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OWUninstallMenu.exe
2015-01-12 14:06:14        012A4FBEF26B01156EC5367BFCB6F242        87792        ----a-w-        C:\Program Files (x86)\Common Files\Overwolf\0.82.104.0\OverwolfHelper64.exe
2015-01-12 14:06:12        B554C461658E2CE8235CDD9D9E180DD3        66800        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OWCleanup.exe
2015-01-12 14:04:36        96C91375B26D5AF2538DF352B0679110        548560        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfOverlayHelper.exe
2015-01-12 14:04:36        623A8059C0EDF67AB8DAF965F8EBA56C        455936        ----a-w-        C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfTSHelper.exe
2015-01-12 14:04:36        1C0A4C832D7019C82C01859693C51807        221904        ----a-w-        C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
2015-01-11 22:12:20        F41FCEBB86E05FEF16D2A31CC260C24C        26913274        ----a-w-        C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
=== C: other files ==
2015-01-17 22:54:52        B5BBC86645A135B13E6B41C5B0E7DE2D        1217        ----a-w-        C:\Users\User\AppData\Roaming\Raptr\data\major_oranje\config\certificates\x509\tls_peers\xmpp-server6.raptr.com
2015-01-17 15:34:50        B5BBC86645A135B13E6B41C5B0E7DE2D        1217        ----a-w-        C:\Users\User\AppData\Roaming\Raptr\data\major_oranje\config\certificates\x509\tls_peers\xmpp-server7.raptr.com
2015-01-16 23:21:51        F720D6634E048B0AD485CEEF55263E6B        191092        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\misc.bat
2015-01-16 23:21:51        F56A319979F631C141F5FF02DF87FDB1        43563        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\prelim.bat
2015-01-16 23:21:51        DD1E4D974B1672ABD09EFFB225791C4A        1230        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\TDL4.bat
2015-01-16 23:21:51        C4C784C659C27DB5ED395A7901611C71        14957        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\get.bat
2015-01-16 23:21:51        AD2F52DC72B10AF331692E4A4DD80DFC        18670        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\medfos.bat
2015-01-16 23:21:51        AA0C656F898523BEDF2DA6923197BB80        1264        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\surfvox.bat
2015-01-16 23:21:51        A3945FA06DB607245C6A1D0629CE737E        11057        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\runvalues.bat
2015-01-16 23:21:51        8E6020C14F982CF11B3FE7DBB0CB8EDE        24738        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-16 23:21:51        86707BCE5CBB65D9B1C41E249B4423BA        152733        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\firefox.bat
2015-01-16 23:21:51        83F691D8398F0E37E71E9355BF730DB9        719        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-16 23:21:51        38A0BDF322ACCC968B0A824C38D50157        29635        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\ask.bat
2015-01-16 23:21:51        335DFF8F23E5EC02B5426362F0F8509B        31401        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\iexplore.bat
2015-01-16 23:21:51        0C4649A62845AB5D5DBCC4998477FF6D        1813        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\delfolders.bat
2015-01-16 23:21:51        080CFDE64F31E7B50EECF4552033E84D        9937        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\mws.bat
2015-01-16 23:21:51        048407135C9B1FB6A355E256BD96160D        14192        ----a-w-        C:\Users\User\AppData\Local\Temp\jrt\chrome.bat
2015-01-16 23:15:49        B5BBC86645A135B13E6B41C5B0E7DE2D        1217        ----a-w-        C:\Users\User\AppData\Roaming\Raptr\data\major_oranje\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
2015-01-16 14:43:52        5196A424D1DEA7F6A44D5D2F0680C125        33829        ----a-w-        C:\Users\User\AppData\Local\Overwolf\Temp\ad7a048772454072adb0576168385bf9.zip
2015-01-16 09:11:20        8EE84CC87D67CE4DE7AF907CCA559F52        52392        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys
2015-01-16 09:11:19        AA0E848E069F99936966E03E2C01733F        45224        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys
2015-01-16 09:11:19        95178BB4E3AC2FDE16AFF7A3E4355498        99496        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
2015-01-16 09:11:19        5260DF59CE11CEE7173CE864C122D9EE        93352        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
2015-01-16 09:11:19        433A1606FCC62A99E6848929198A78B1        249000        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
2015-01-16 09:11:19        13CB0B41E703E9FBE6386D4549291F83        42152        ------w-        C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys
2015-01-16 03:05:58        0527B55C29B276465848DF77BDFA5DFB        34574        ----a-w-        C:\Users\User\AppData\Local\Overwolf\Temp\7a53a0e14881479db410490f64a7b031.zip
2015-01-16 03:02:51        BFFB0A6FF9EC9E29FD7F4689E52D9730        17281        ----a-w-        C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Tools\PrepareScriptMod.bat
2015-01-16 03:02:51        BFFB0A6FF9EC9E29FD7F4689E52D9730        17281        ----a-w-        C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\PrepareScriptMod.bat
2015-01-15 13:43:36        B5BBC86645A135B13E6B41C5B0E7DE2D        1217        ----a-w-        C:\Users\User\AppData\Roaming\Raptr\data\major_oranje\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
2015-01-14 21:11:48        F5D43C39E726070CC8206F72E8504B06        45549        ----a-w-        C:\Users\User\AppData\Local\Overwolf\Temp\b9dc217fb3a44b7d99bf24dd30ccb314.zip
2015-01-14 03:50:54        E49F0CF1D0C5B7B6B94395F855FBEA2C        38951        ----a-w-        C:\Users\User\AppData\Local\Overwolf\Temp\055a5dca44714245b11e069de450ce8d.zip
2015-01-13 21:54:25        AF8B7932C960CCAAB4DA6268DC8FAAC5        30498        ----a-w-        C:\Users\User\AppData\Local\Overwolf\Temp\e73e4df987b84787990742c03b40e6a7.zip
2015-01-13 15:14:21        B5BBC86645A135B13E6B41C5B0E7DE2D        1217        ----a-w-        C:\Users\User\AppData\Roaming\Raptr\data\major_oranje\config\certificates\x509\tls_peers\xmpp-server8.raptr.com

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Voice Search Hotword (Beta) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Battlefield Heroes - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chromium Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{46C74900-0019-4AFB-B7D9-3770D5319FEB} Search The Web (privitize) Url="hxxp://searchou.com/?q={searchTerms}&id=6cae971d000000000000902b34a9276f&affilt=5&r=698"
{AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} Ask Search Url="hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=492EB85A-62E5-41FA-B1A7-3CF1948F6081&apn_sauid=BA47120A-9153-4B0F-9CB2-9888B5EB7DD8"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=167 folders=64 45234009 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== EOF on 18.01.2015 at  0:40:49,68 ======================

deeprybka 18.01.2015 00:52
Gut, dann lass mal frische FRST-Logs sehen... ;)

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

KDTMaster 19.01.2015 09:42
Etwas spät ^^ Aber hier kommen die beiden Logs

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by User (administrator) on USER-PC on 19-01-2015 09:38:21
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\RtlService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502SysAudioLauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Curse) C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Razer, Inc.) C:\Users\User\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.104.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.104.0\OverwolfHelper64.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfBrowser.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.82.104.0\OverwolfBrowser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Kraken0502Launcher] => C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502SysAudioLauncher.exe [865088 2014-05-23] (Razer Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\...\MountPoints2: {5af73e6f-a793-11e2-a0f1-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\...\MountPoints2: {cb91d5cb-81e8-11e2-a29c-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-04] (Google Inc.)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40176 2015-01-12] (Overwolf LTD)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {5af73e6f-a793-11e2-a0f1-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {cb91d5cb-81e8-11e2-a29c-806e6f6e6963} - D:\Bin\ASSETUP.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1000 -> DefaultScope {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {46C74900-0019-4AFB-B7D9-3770D5319FEB} URL = hxxp://searchou.com/?q={searchTerms}&id=6cae971d000000000000902b34a9276f&affilt=5&r=698
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {AA32E325-E4B2-4B5B-9A3B-19C86579D8FF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=492EB85A-62E5-41FA-B1A7-3CF1948F6081&apn_sauid=BA47120A-9153-4B0F-9CB2-9888B5EB7DD8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\K3vy4jQB.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\K3vy4jQB.default\extensions\abs@avira.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://eu.battle.net/wow/de/
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420812809&from=obw&uid=WDCXWD10EALX-009BA0_WD-WCATR889466094660"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-04]
CHR Extension: (Battlefield Heroes) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-07-14]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-04]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-17] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-17] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-07-05] (EasyAntiCheat Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-12] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-18] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 Realtek11nSU; C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-10] (Avira Operations GmbH & Co. KG)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-08-03] (BitRaider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-06-21] ()
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-12-13] (Scarlet.Crush Productions)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-03-08] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [198144 2011-03-08] (VIA Technologies, Inc.)
S3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
S2 SPDRIVER_1463.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1463.0.0.0\jsdrv.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:38 - 2015-01-19 09:38 - 00022568 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-19 09:38 - 2015-01-19 09:38 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-18 00:38 - 2015-01-18 00:06 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-18 00:08 - 2015-01-18 00:40 - 00073998 _____ () C:\zoek-results.log
2015-01-18 00:06 - 2015-01-18 00:34 - 00000000 ____D () C:\zoek_backup
2015-01-18 00:06 - 2015-01-18 00:06 - 01295360 _____ () C:\Users\User\Desktop\zoek.exe
2015-01-17 16:40 - 2015-01-19 09:38 - 00000000 ____D () C:\FRST
2015-01-17 16:39 - 2015-01-19 09:38 - 02126848 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-17 16:35 - 2015-01-17 16:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\VSRevoGroup
2015-01-17 00:29 - 2015-01-17 00:29 - 01156136 _____ (Ruiware) C:\Users\User\Downloads\wpsetup.exe
2015-01-17 00:21 - 2015-01-17 00:21 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-01-17 00:21 - 2015-01-17 00:21 - 00000000 ____D () C:\Windows\ERUNT
2015-01-17 00:07 - 2015-01-17 00:10 - 00000000 ____D () C:\AdwCleaner
2015-01-16 23:57 - 2015-01-16 23:58 - 02191360 _____ () C:\Users\User\Downloads\AdwCleaner_4.107.exe
2015-01-16 23:40 - 2015-01-16 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 23:40 - 2015-01-16 23:40 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 23:40 - 2015-01-16 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 23:39 - 2015-01-16 23:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 23:39 - 2015-01-16 23:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 23:39 - 2015-01-16 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 23:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 23:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 23:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 23:28 - 2015-01-16 23:28 - 00001276 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-16 23:28 - 2015-01-16 23:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-16 23:27 - 2015-01-16 23:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-16 10:11 - 2015-01-17 00:10 - 00000000 ____D () C:\Windows\system32\log
2015-01-14 12:03 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:03 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:03 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:03 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:03 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:03 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:03 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:03 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:03 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:03 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:03 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 21:03 - 2015-01-13 21:03 - 02087676 _____ () C:\Users\User\Downloads\wowcataclysm.ts3_style
2015-01-10 15:46 - 2015-01-10 15:46 - 00001145 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-10 15:42 - 2015-01-10 15:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2015-01-10 15:40 - 2015-01-10 15:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-01-10 15:35 - 2015-01-19 09:27 - 01448886 _____ () C:\Windows\PFRO.log
2015-01-10 15:35 - 2015-01-19 09:27 - 00000672 _____ () C:\Windows\setupact.log
2015-01-10 15:35 - 2015-01-10 15:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-10 15:33 - 2015-01-10 15:28 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-10 15:33 - 2015-01-10 15:28 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-10 15:33 - 2015-01-10 15:28 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-10 15:33 - 2015-01-10 15:28 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-10 15:25 - 2015-01-10 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-10 15:25 - 2015-01-10 15:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 15:25 - 2015-01-10 15:39 - 00000000 ____D () C:\ProgramData\Avira
2015-01-10 15:25 - 2015-01-10 15:25 - 00002078 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-10 00:03 - 2015-01-10 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-10 00:02 - 2015-01-10 00:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-10 00:02 - 2015-01-10 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-06 20:38 - 2015-01-06 20:38 - 00000366 _____ () C:\Users\User\Downloads\launcher.settings
2015-01-06 20:38 - 2015-01-06 20:38 - 00000187 _____ () C:\Users\User\Downloads\eula.settings
2015-01-06 20:38 - 2015-01-06 20:38 - 00000000 ____D () C:\Users\User\Downloads\swtor
2015-01-06 20:38 - 2015-01-06 20:38 - 00000000 ____D () C:\Users\User\Downloads\Movies
2015-01-06 20:38 - 2015-01-06 20:38 - 00000000 ____D () C:\Users\User\Downloads\Assets
2015-01-06 20:37 - 2015-01-06 20:49 - 00000000 ____D () C:\Users\User\Downloads\bitraider
2015-01-06 20:37 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\User\Downloads\locales
2015-01-06 20:37 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\User\Downloads\EULAs
2015-01-06 20:37 - 2012-03-14 19:39 - 00010560 _____ () C:\Users\User\Downloads\eualas.version
2015-01-06 20:36 - 2015-01-06 20:37 - 18021088 _____ () C:\Users\User\Downloads\LauncherRepairUtilityP1.78.3a.exe
2015-01-06 20:15 - 2015-01-10 15:24 - 00000000 ____D () C:\Users\User\Documents\registry
2015-01-04 13:44 - 2015-01-04 13:44 - 00000000 ____D () C:\Users\User\Documents\Wolves
2015-01-04 13:40 - 2015-01-04 13:40 - 00000000 ____D () C:\Users\User\Documents\Aeternitas
2015-01-01 17:25 - 2015-01-01 17:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Doublefine
2014-12-30 14:29 - 2014-12-30 14:29 - 05994752 _____ (Wargaming.net ) C:\Users\User\Downloads\WoT_internet_install_eu.exe
2014-12-30 14:29 - 2014-12-30 14:29 - 00000777 _____ () C:\Users\User\Desktop\World of Tanks.lnk
2014-12-30 14:29 - 2014-12-30 14:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-12-23 19:36 - 2014-12-23 19:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:37 - 2011-05-07 00:46 - 02088991 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 09:32 - 2013-10-31 21:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Raptr
2015-01-19 09:31 - 2014-06-14 14:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 09:31 - 2013-09-09 20:56 - 00000000 ____D () C:\Users\User\AppData\Local\Overwolf
2015-01-19 09:29 - 2013-09-02 21:35 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-01-19 09:29 - 2013-05-04 13:06 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
2015-01-19 09:28 - 2014-06-14 14:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 09:28 - 2014-03-03 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2015-01-19 09:27 - 2013-02-28 17:56 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-01-19 09:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 22:08 - 2013-05-08 22:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2015-01-18 22:07 - 2014-02-11 18:20 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-18 21:25 - 2013-08-12 17:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 12:29 - 2013-05-04 13:06 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
2015-01-18 06:11 - 2013-05-05 16:07 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-18 00:49 - 2009-07-14 05:45 - 00032928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 00:49 - 2009-07-14 05:45 - 00032928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 00:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-17 16:36 - 2013-05-04 13:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-17 00:21 - 2014-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-17 00:10 - 2013-05-04 13:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-17 00:10 - 2012-03-13 10:15 - 00001001 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-17 00:00 - 2014-10-17 14:34 - 00000000 ____D () C:\Windows\Razer Core
2015-01-15 01:08 - 2013-08-15 18:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:59 - 2013-05-04 12:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:28 - 2014-09-01 10:29 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 21:27 - 2013-08-12 17:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:27 - 2013-08-12 17:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:27 - 2013-08-04 15:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 16:12 - 2014-08-30 08:37 - 00000002 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-10 18:50 - 2013-07-18 17:12 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2015-01-10 18:50 - 2013-07-18 17:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-10 15:34 - 2013-05-17 23:26 - 00007612 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-01-10 12:55 - 2009-07-14 03:34 - 00000532 _____ () C:\Windows\win.ini
2015-01-06 19:57 - 2014-05-02 18:46 - 00000000 ____D () C:\Windows\Minidump
2015-01-06 19:57 - 2013-06-29 16:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 14:29 - 2013-05-05 01:21 - 00000000 ____D () C:\Games
2014-12-24 23:03 - 2014-10-17 14:30 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-20 17:48 - 2013-05-06 07:32 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-12-20 02:26 - 2014-06-12 09:34 - 00000000 ____D () C:\Program Files (x86)\StarCraft II

==================== Files in the root of some directories =======
2014-12-08 17:32 - 2014-12-08 17:32 - 0002071 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2013-05-17 23:26 - 2015-01-10 15:34 - 0007612 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 03:07

==================== End Of Log ============================
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by User at 2015-01-19 09:39:16
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version:  - 11 bit studios)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.05 - TOSHIBA CORPORATION)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Company of Heroes 2 - Beta (HKLM-x32\...\Steam App 317170) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Curse Client (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Ghost Recon Online (EU) (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\d8be6c3f847d7d92) (Version: 1.34.8140.2 - Ubisoft)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launchpad Enhanced (HKLM-x32\...\{BAA11826-70EF-4E44-9E97-8476793E022F}) (Version: 0.05.000 - SWGEmu)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
March of War (HKLM-x32\...\Steam App 234310) (Version:  - ISOTX)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MechWarrior Online (HKLM-x32\...\{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.104.0 - Overwolf Ltd.)
Parsec (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\a53dc3b81e52c50e) (Version: 1.0.0.53 - Parsec)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProconRulz Tool (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\fb97684529d370f0) (Version: 1.1.0.1 - ProconRulz Tool)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Ragnarok Online - Free to Play - European Version (HKLM-x32\...\Steam App 250740) (Version:  - Gravity Europe SAS)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Rugby 15 (HKLM-x32\...\Steam App 303820) (Version:  - HB Studios)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version:  - Crytek)
Shattered Horizon (HKLM-x32\...\Steam App 18110) (Version:  - Futuremark)
Sitecom WiFi USB adapter N300 Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - Sitecom Europe BV)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2529.2 - Hi-Rez Studios)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version:  - Little Green Men Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer 40,000: Kill Team (HKLM-x32\...\Steam App 275610) (Version:  - Nomad Games)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\CLSID\{cf79ccef-31d1-4d3d-9f10-62a379cca9aa}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

17-01-2015 23:57:36 Revo Uninstaller's restore point - Ge-Force
17-01-2015 23:59:47 Revo Uninstaller's restore point - Google Update Helper
18-01-2015 00:00:49 Revo Uninstaller's restore point - HQ-Video-Pro-2.1cV09.01
18-01-2015 00:01:57 Revo Uninstaller's restore point - YAC(Yet Another Cleaner!)
18-01-2015 00:08:03 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0564E61C-27E7-4037-955B-019E78B4F741} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0A8872E7-D4DA-47C5-AB46-41C3F7C6D6F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {0AE830F0-9F50-4EC4-9484-A7FF1B47C716} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {3695D0C4-0052-4FC1-BFEE-BE77915D1908} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {3B7156F7-A46E-4ACD-8ED6-E523974BD32D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {6151ED29-57A6-497B-A4A4-83244E7D790C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {873D32DC-A26A-4414-A484-53ADA758A327} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {CD05EA32-0A73-40F7-8DEB-0596B3BC8748} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-12] (Overwolf LTD)
Task: {F918C646-5924-43C6-8424-301BBE4FDF95} - System32\Tasks\User_Feed_Synchronization-{CADF73C4-3ADD-4156-86B5-A0B47B1A2ECF}
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2013-12-02 18:01 - 2014-07-12 20:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-10-10 13:29 - 2014-10-10 13:29 - 00016384 ____N () C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-06-23 13:57 - 2014-06-23 13:57 - 00035840 _____ () C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-10 13:29 - 2014-10-10 13:29 - 00099840 ____N () C:\Users\User\AppData\Local\Apps\2.0\L5WLY7VW.40O\CDJZHC54.O1T\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2011-05-07 01:07 - 2010-01-21 00:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 01:07 - 2010-01-21 00:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 01:07 - 2010-01-21 00:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 01:07 - 2010-01-21 00:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-11-20 09:23 - 2014-11-20 09:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-23 08:54 - 2014-05-23 08:54 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502DevProps.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\CoreAudioApi.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 38713856 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\libcef.DLL
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-12-16 19:40 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 07:02 - 2014-11-20 07:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-12-16 19:40 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2013-05-11 12:38 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Utility\EnumDevLib.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 00514528 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\libglesv2.dll
2015-01-12 15:04 - 2015-01-12 15:04 - 00105952 _____ () C:\Program Files (x86)\Overwolf\0.82.104.0\libegl.dll
2015-01-13 21:27 - 2015-01-13 21:27 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: SPDRIVER_1463.0.0.0
Description: SPDRIVER_1463.0.0.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SPDRIVER_1463.0.0.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 09:29:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 06:10:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wow-64.exe, Version: 6.0.3.19342, Zeitstempel: 0x548f8bcd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fef8750398
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xWow-64.exe0
Pfad der fehlerhaften Anwendung: Wow-64.exe1
Pfad des fehlerhaften Moduls: Wow-64.exe2
Berichtskennung: Wow-64.exe3

Error: (01/18/2015 00:41:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:46:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (01/17/2015 10:28:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (01/17/2015 09:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (01/17/2015 08:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (01/17/2015 07:28:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (01/17/2015 06:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (01/19/2015 09:30:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
iSafeKrnlMon

Error: (01/19/2015 09:28:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Realtek11nSU erreicht.

Error: (01/19/2015 09:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1463.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/19/2015 09:27:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/18/2015 00:41:17 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (01/18/2015 00:41:15 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (01/18/2015 00:41:13 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (01/18/2015 00:40:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1463.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/18/2015 00:40:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.

Error: (01/18/2015 00:39:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (01/19/2015 09:29:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 06:10:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wow-64.exe6.0.3.19342548f8bcdunknown0.0.0.000000000c0000005000007fef875039840c01d032dd0ade4795C:\Program Files (x86)\World of Warcraft\Wow-64.exeunknown606d1fe5-9ed0-11e4-9a6b-902b34a9276f

Error: (01/18/2015 00:41:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:46:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/17/2015 10:28:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/17/2015 09:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/17/2015 08:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/17/2015 07:28:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/17/2015 06:28:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 39%
Total physical RAM: 8173.55 MB
Available physical RAM: 4962.14 MB
Total Pagefile: 16345.29 MB
Available Pagefile: 12513.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:135.78 GB) NTFS
Drive d: (49232_49233) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 477201BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 19.01.2015 11:06
OK,

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


KDTMaster 25.01.2015 20:33
Sorry ^^ War die Woche auf Montage, weiter gehts!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3e009a2ac5a71441a6520ab625c09437
# engine=22136
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-25 06:49:00
# local_time=2015-01-25 07:49:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 20467 287635030 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 141385 173841590 0 0
# scanned=330846
# found=7
# cleaned=0
# scan_time=19241
sh=2BD8234E4C79325C128724F9D8DAB236F5F8F799 ft=1 fh=0a40ee0c805fecf5 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=D6EB15ADEFE8BE7E36D184AD86DE9CA457095C7E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bkfoggbmaeddfflfppchdlbakjilclbp\1.26.26_0\extensionData\plugins\91.js"
sh=D6EB15ADEFE8BE7E36D184AD86DE9CA457095C7E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhjehbmopbfbomhchfkhbghcehpeiijl\1.26.25_0\extensionData\plugins\91.js"
sh=B7681BA36C2C52EB74F22C28EAAA970E72FF043F ft=1 fh=4a8ac3206f20065f vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_Common Files_System_SysMenu.dll.vir"
sh=B2B0EF28C6BC86E648833614E598B2256FD21C8A ft=1 fh=9900465de9ea6871 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_Common Files_System_SysMenu64.dll.vir"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_User_AppData_Roaming_OGHJMXG.vir"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_User_AppData_Roaming_PRHSC.vir"

deeprybka 25.01.2015 20:38
http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131