
Log analysis and evaluation: HEUR/QVM10.1.Malware.Gen, 500MB of junk files keep reinstalling themselves.

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.10.2015, 16:29   #1
HornZ
 

Hello,

After trying for ages to solve this problem myself without anything working, I now have to get help.

Here is the latest log from 360 Total Security:

Code:
360 Total Security Scan Log

Scan Time:2015-10-14 14:45:05
Time Taken:00:10:44
Object(s) Scanned:353109
Threat(s) Found:3
Threat(s) Resolved:0

Scan Settings
----------------------
Compressed Files Scan:No
Scan Engine:Avira and Bitdefender engines are disabled

Scan Scope
----------------------
Full Scan

Scan Result
======================
High-risk Items
----------------------
C:\Program Files (x86)\Common Files\Synful\Synful Orchestra\SO\SOD.dll	HEUR/QVM39.1.Malware.Gen	Not resolved
C:\Program Files (x86)\Common Files\Synful\Synful Orchestra\SO\SOP.dll	HEUR/QVM39.1.Malware.Gen	Not resolved
D:\Games\The Elder Scrolls Online\game\client\eso.exe	HEUR/QVM20.1.Malware.Gen	Not resolved
         
^I didn't click resolve this time since it comes back anyway..

Here is the whole story:

I noticed that something was wrong after I started getting FPS drops in CS:GO. My graphics card also permanently ran hotter than it should, and when I shut down my PC I always got the message "Unable to close Processes" and had to click "force shutdown". On top of that, my microphone kept switching off and on, making a clicking noise that it never made before.

So I ran a scan with 360 Total Security. Result:

HEUR/QVM10.1.Malware.Gen
HEUR/QVM20.1.Malware.Gen
HEUR/QVM05.1.Malware.Gen

and a few other numbers.

This malware was found in 5 different locations, each time with a different number. I can't remember where it was found the first time, but that doesn't matter because it changes constantly.. In addition, 500MB of junk files were deleted.

An hour later I ran another scan: again the same virus with new numbers in a different file location, and another 150MB of junk files. This went on until the virus alert was gone for a day at some point. The next day it came back in 3 different locations, and the longer no scan is run, the closer the junk files get to half a GB again. Within just 15 minutes I already get 100 MB of junk.


What I tried next, in order:

Avira: "Hidden objects were found that could indicate an unwanted program or a hidden virus", which I found suspicious. As suggested in their knowledge base, I set the scan to "Extended/Complete", but I still got the same error message. The virus scan itself showed nothing, yet the error message appears again with every new scan.
Malwarebytes: deleted a few adware items (Conduit, DivX), found nothing else
Spyhunter: likewise only found adware
Unhackme: found a few suspicious "unknown" files, but the alert from 360 still came.

Then I downloaded Malwarebytes Anti-Rootkit. When I tried to open it, I got a message along the lines of "your system won't let malwarebytes install, this might be because your PC is infected with a rootkit". I restarted my PC and then it suddenly worked. It found nothing.

Then I came across GMER. I tried to install GMER but got yet another error message: "An error occured in the application." I emailed a bug report about it. It seems to have something to do with IndieVolume, a program I use to route processes to specific sound cards. I can send you that log as well.

Here is also a quote I found after searching for the virus on Google:

Quote:
The capability of HEUR/QVM10.1.Malware.Gen to totally penetrate into the PC within minutes is notorious. To run its vicious process and compromise the PC every time you start up the computer, the threat modifies the Windows registry as well as vital system settings. It is insecure to leave it in the computer. Every time you start up Windows, the Trojan virus is able to run automatically by itself. It takes a longer time to finish the startup/shutdown process than usual. And as time goes by, the system becomes more and more sluggish and awkward. Obviously, your work efficiency will be reduced by using such a sluggish and weird computer. Some important data goes missing. This is because this Trojan virus is able to hide some important files or programs and make them invisible. Many other viruses, including spyware, may be implanted into the computer by the cyber criminals, which helps them to access the computer through the backdoor easily. All your computer activities may be monitored and known by hackers who are able to gain access to your PC remotely. The reason why HEUR/QVM10.1.Malware.Gen can stay in your computer for a long time is its capacity to bypass the system security utilities, such as the system firewall and genuine security software, by pretending to be a system component. You should remove HEUR/QVM10.1.Malware.Gen manually as soon as possible.
So it seems to be something nastier.

I hope you can help me!
Thanks!

14.10.2015, 17:24   #2
schrauber
/// the machine
/// TB trainer
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will be on your desktop afterwards.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

14.10.2015, 18:58   #3
HornZ
 

Hey, thanks for the quick reply

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by Gabriele (administrator) on GABRIELE-PC (14-10-2015 18:34:14)
Running from C:\Users\Gabriele\Desktop
Loaded Profiles: Gabriele (Available Profiles: Gabriele)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(GerixSoft) D:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GerixSoft) D:\Program Files (x86)\IndieVolume\IndieVolume.GUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\QHSafeMain.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.29-delta.exe
(Microsoft Corporation) D:\7d5ae23cafca255d164e1f224386\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1287800 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\Run: [IndieVolume] => D:\Program Files (x86)\IndieVolume\IndieVolume.GUI.exe [3736576 2013-04-02] (GerixSoft)
HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\MountPoints2: {0751f725-6f91-11e3-afc4-94de806c5a91} - G:\Installer.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [10630200 2015-09-10] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70
Tcpip\..\Interfaces\{481FF60F-E5CA-4675-8D4C-34EDE02D320D}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{50B7C3E1-970F-44B7-A194-FD6BACB25D32}: [DhcpNameServer] 213.33.99.70 80.120.17.70
Tcpip\..\Interfaces\{C552A4C1-26E9-445D-9065-6CD767F46D45}: [DhcpNameServer] 192.168.0.254 192.168.0.254 213.33.99.70

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> DefaultScope {C8AA4B05-223A-4CC0-AB93-A34F9B602C2A} URL = 
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000 -> {1B5555A4-BA4D-4580-883F-0DCBC18EC48D} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  => No File
BHO: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} ->  => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  => No File
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} ->  => No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\i4cqazf6.default-1436642927618
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-10-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-10-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-03] (Pando Networks)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Acrobat\Air\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3537263833-1770889547-2365521400-1000: @my.com/Games -> C:\Users\Gabriele\AppData\Local\MyComGames\NPMyComDetector.dll [2015-04-16] (My.com, Inc)
FF Plugin HKU\S-1-5-21-3537263833-1770889547-2365521400-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gabriele\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3537263833-1770889547-2365521400-1000: @talk.google.com/O1DPlugin -> C:\Users\Gabriele\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3537263833-1770889547-2365521400-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-03] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gabriele\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gabriele\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Acrobat\Browser\WCFirefoxExtn [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-09-24]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Skype Web Plugin) - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - D:\Program Files (x86)\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Profile: C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-07]
CHR Extension: (Google Drive) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2014-03-20]
CHR Extension: (YouTube) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-07]
CHR Extension: (Adblock Plus) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-16]
CHR Extension: (Google Search) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (360 Internet Protection) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-10-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-03-22]
CHR Extension: (Flamite) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2015-09-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
S4 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-26] (altPUG LLC)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed]
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-05-24] (EasyAntiCheat Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IndieVolumeService; D:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [182248 2013-04-02] (GerixSoft)
S3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-19] ()
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-10-09] (Enigma Software Group USA, LLC.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53976 2013-03-26] ()
S3 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S3 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-21] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-21] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-21] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-21] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-21] (360.cn)
S3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [98664 2012-12-18] (Native Instruments GmbH)
R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-21] (360.cn)
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-10-09] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-10-09] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2014-11-23] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\DRIVERS\libusb0.sys [23728 2008-01-10] (hxxp://libusb-win32.sourceforge.net)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-08-21] (Razer Inc)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-09-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-08-21] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-09-13] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [44656 2014-09-15] (Shaul Eizikovich)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S1 ESEADriver2; \??\C:\Users\Gabriele\AppData\Local\Temp\ESEADriver2.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-14 18:34 - 2015-10-14 18:34 - 00034857 _____ C:\Users\Gabriele\Desktop\FRST.txt
2015-10-14 18:33 - 2015-10-14 18:34 - 00000000 ____D C:\FRST
2015-10-14 18:33 - 2015-10-14 18:32 - 02196480 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST64.exe
2015-10-14 18:32 - 2015-10-14 18:32 - 02196480 _____ (Farbar) C:\Users\Gabriele\Downloads\FRST64.exe
2015-10-14 18:32 - 2015-10-14 18:32 - 02196480 _____ (Farbar) C:\Users\Gabriele\Downloads\FRST64 (1).exe
2015-10-14 18:03 - 2015-10-14 18:03 - 00311352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-14 18:03 - 2015-10-14 18:03 - 00067920 _____ C:\Users\Gabriele\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-14 18:03 - 2015-10-14 18:03 - 00000022 _____ C:\Windows\S.dirmngr
2015-10-14 17:11 - 2015-10-14 17:11 - 00380416 _____ C:\Users\Gabriele\Downloads\yh53bxv3.exe
2015-10-14 15:15 - 2015-10-14 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-14 15:14 - 2015-10-14 17:49 - 00000000 ____D C:\Users\Gabriele\Desktop\mbar
2015-10-11 16:20 - 2015-10-11 16:20 - 00000000 ____D C:\Users\Gabriele\AppData\Local\TERA
2015-10-10 18:25 - 2015-10-10 18:25 - 00000000 ____D C:\ProgramData\GridinSoft
2015-10-10 00:58 - 2015-10-14 18:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 00:58 - 2015-10-14 17:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-10 00:58 - 2015-10-14 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-10 00:58 - 2015-10-14 17:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-10-10 00:58 - 2015-10-10 00:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-10 00:58 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-10 00:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-10 00:37 - 2015-10-10 00:45 - 00000000 ____D C:\AdwCleaner
2015-10-10 00:36 - 2015-10-10 00:36 - 01682432 _____ C:\Program Files (x86)\AdwCleaner.exe
2015-10-10 00:31 - 2015-10-10 13:34 - 00003280 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-10-09 23:20 - 2015-10-10 00:12 - 00000075 _____ C:\Windows\SysWOW64\Partizan.RRI
2015-10-09 23:12 - 2015-10-10 00:22 - 00000000 ____D C:\ProgramData\RegRun
2015-10-09 23:11 - 2015-10-10 00:23 - 00000000 ____D C:\Users\Gabriele\Documents\RegRun2
2015-10-09 23:11 - 2015-10-09 23:11 - 00000002 RSHOT C:\Windows\winstart.bat
2015-10-09 23:11 - 2015-10-09 23:11 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2015-10-09 23:11 - 2015-10-09 23:11 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2015-10-09 23:10 - 2015-10-14 16:02 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2015-10-09 22:59 - 2015-10-10 00:39 - 00000000 ____D C:\Windows\system32\log
2015-10-09 22:36 - 2015-10-09 22:36 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\Enigma Software Group
2015-10-09 22:36 - 2015-10-09 22:36 - 00000000 ____D C:\sh4ldr
2015-10-09 22:36 - 2015-10-09 22:36 - 00000000 _____ C:\autoexec.bat
2015-10-09 22:35 - 2015-10-09 22:35 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-10-09 22:35 - 2015-10-09 22:35 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-09-25 20:07 - 2015-10-14 18:03 - 00075840 _____ C:\Windows\PFRO.log
2015-09-25 20:07 - 2015-09-25 20:07 - 00000000 _____ C:\Windows\setuperr.log
2015-09-24 23:17 - 2015-10-14 17:43 - 00000000 __SHD C:\$360Section
2015-09-24 23:15 - 2015-10-14 18:02 - 00000000 ____D C:\ProgramData\360Quarant
2015-09-24 23:15 - 2015-10-11 05:23 - 00000000 ____D C:\Windows\Tasks\360Disabled
2015-09-24 23:15 - 2015-10-05 00:25 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\360safe
2015-09-24 23:14 - 2015-10-14 18:31 - 00000000 ____D C:\Users\Gabriele\AppData\LocalLow\360WD
2015-09-24 23:14 - 2015-10-14 17:49 - 00000000 ____D C:\ProgramData\360safe
2015-09-24 23:14 - 2015-09-24 23:14 - 00000000 _RSHD C:\360SANDBOX
2015-09-24 23:14 - 2015-09-24 23:14 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\360TotalSecurity
2015-09-24 23:14 - 2015-09-24 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-09-24 23:14 - 2015-09-24 23:14 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-09-24 23:14 - 2015-09-24 23:14 - 00000000 ____D C:\Program Files (x86)\360
2015-09-24 23:14 - 2015-09-21 06:10 - 00363088 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2015-09-24 23:14 - 2015-09-21 06:10 - 00319568 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2015-09-24 23:14 - 2015-09-21 06:10 - 00178768 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2015-09-24 23:14 - 2015-09-21 06:10 - 00137296 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2015-09-24 23:14 - 2015-09-21 06:10 - 00077904 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-09-24 23:14 - 2015-09-21 06:10 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2015-09-19 12:36 - 2015-10-07 19:47 - 00000000 ____D C:\Users\Gabriele\AppData\Local\Apple Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-14 18:34 - 2013-09-30 11:27 - 01889807 _____ C:\Windows\WindowsUpdate.log
2015-10-14 18:32 - 2013-10-11 21:19 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 18:32 - 2013-10-11 21:19 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 18:32 - 2013-10-07 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 18:30 - 2014-05-19 20:29 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\TS3Client
2015-10-14 18:07 - 2010-11-21 08:50 - 00701138 _____ C:\Windows\system32\perfh007.dat
2015-10-14 18:07 - 2010-11-21 08:50 - 00150544 _____ C:\Windows\system32\perfc007.dat
2015-10-14 18:07 - 2009-07-14 07:13 - 01631670 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-14 18:03 - 2015-07-06 11:09 - 00049120 _____ C:\Windows\setupact.log
2015-10-14 18:03 - 2015-01-16 14:20 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-10-14 18:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 18:02 - 2014-12-20 11:48 - 00000000 ____D C:\Users\Gabriele\Desktop\Anti Virus
2015-10-14 18:02 - 2009-07-14 06:45 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 18:02 - 2009-07-14 06:45 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 17:46 - 2015-06-17 00:23 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000UA.job
2015-10-14 17:41 - 2014-05-16 19:19 - 00000000 ____D C:\Users\Gabriele\Desktop\Random
2015-10-14 16:31 - 2013-12-26 22:57 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\gnupg
2015-10-14 15:31 - 2015-01-14 23:37 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\TeamViewer
2015-10-14 14:51 - 2015-06-17 00:23 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000Core.job
2015-10-14 14:40 - 2014-12-11 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-14 14:40 - 2014-01-19 03:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-11 16:20 - 2015-06-18 19:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-11 16:19 - 2015-04-15 01:58 - 00000080 _____ C:\Users\Gabriele\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-10-11 16:19 - 2015-04-15 01:58 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-10-11 16:18 - 2015-04-15 01:57 - 00000000 ____D C:\Program Files\Rockstar Games
2015-10-11 16:18 - 2013-10-08 22:09 - 00000000 ____D C:\ProgramData\Origin
2015-10-11 15:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-10 22:28 - 2015-04-11 02:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wii U USB GCN adapter
2015-10-10 22:28 - 2015-02-16 01:51 - 00000000 ____D C:\Program Files (x86)\GCNadapter
2015-10-10 13:34 - 2013-10-07 17:17 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-10 13:34 - 2013-10-07 17:17 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-10 13:34 - 2013-09-30 11:34 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-10 13:29 - 2014-07-27 20:09 - 00000000 ____D C:\Users\Gabriele\Desktop\Audio
2015-10-10 13:27 - 2014-05-16 19:19 - 00000000 ____D C:\Users\Gabriele\Desktop\Gaming
2015-10-10 12:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\TAPI
2015-10-10 12:41 - 2013-09-30 12:23 - 00000000 ____D C:\Windows\Panther
2015-10-10 00:49 - 2015-01-06 02:33 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-10-10 00:45 - 2013-10-07 17:42 - 00000000 __RHD C:\MSOCache
2015-10-09 22:36 - 2013-09-30 11:28 - 00000000 ____D C:\Users\Gabriele
2015-10-09 19:10 - 2014-11-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Windows
2015-10-09 12:57 - 2015-02-20 13:38 - 00000000 ____D C:\Users\Gabriele\AppData\Local\Steam
2015-10-09 12:19 - 2014-01-23 17:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-07 20:51 - 2013-10-07 17:24 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\Apple Computer
2015-10-07 19:47 - 2013-10-07 17:24 - 00000000 ____D C:\Users\Gabriele\AppData\Local\Apple
2015-10-06 05:55 - 2014-08-11 17:38 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\OBS
2015-09-24 23:27 - 2015-04-24 16:54 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 7 64bit
2015-09-24 23:27 - 2015-02-18 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2015-09-24 23:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-24 23:17 - 2015-08-25 10:33 - 00000000 ___HD C:\$Windows.~BT
2015-09-24 23:17 - 2015-03-14 23:54 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-09-24 23:17 - 2015-02-18 23:46 - 00000000 ____D C:\Users\Gabriele\AppData\Local\CrashDumps
2015-09-24 23:17 - 2015-02-18 23:23 - 00000000 ____D C:\Program Files (x86)\HxD
2015-09-24 23:17 - 2014-12-24 06:33 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-24 23:17 - 2014-12-11 16:36 - 00003322 _____ C:\Windows\System32\Tasks\AviraSpeedup
2015-09-24 23:17 - 2014-09-23 17:20 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\Mumble
2015-09-24 23:17 - 2013-12-23 16:50 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\I2P
2015-09-24 23:17 - 2013-11-03 20:59 - 00000000 ____D C:\Users\Gabriele\AppData\Local\PMB Files
2015-09-24 23:17 - 2013-10-21 23:43 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\vlc
2015-09-24 23:17 - 2013-10-09 15:05 - 00000000 ____D C:\ProgramData\TEMP
2015-09-24 23:17 - 2013-10-07 21:18 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\Skype
2015-09-24 23:17 - 2013-10-07 17:19 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\uTorrent
2015-09-24 23:09 - 2014-12-11 16:45 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-24 23:09 - 2014-12-11 16:45 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-22 16:30 - 2013-09-30 11:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 16:30 - 2013-09-30 11:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-19 12:36 - 2013-10-07 17:24 - 00000000 ____D C:\Users\Gabriele\AppData\Local\Apple Computer
2015-09-18 17:29 - 2015-05-16 19:26 - 00000000 ____D C:\Users\Gabriele\AppData\Roaming\tixati
2015-09-17 11:09 - 2014-12-11 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-09-17 11:09 - 2014-10-28 12:39 - 00000000 ____D C:\Users\Gabriele\AppData\Local\AviraSpeedup
2015-09-16 14:41 - 2015-06-17 00:23 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000UA
2015-09-16 14:41 - 2015-06-17 00:23 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000Core

==================== Files in the root of some directories =======

2015-10-10 00:36 - 2015-10-10 00:36 - 1682432 _____ () C:\Program Files (x86)\AdwCleaner.exe
2014-11-20 14:18 - 2014-11-20 14:18 - 0000021 _____ () C:\Users\Gabriele\AppData\Roaming\picker.txt
2014-03-28 18:28 - 2014-03-28 18:28 - 0006333 _____ () C:\Users\Gabriele\AppData\Local\CleanupUninstall.txt
2013-10-01 09:48 - 2013-10-02 11:59 - 1065984 _____ () C:\Users\Gabriele\AppData\Local\file__0.localstorage
2015-04-20 08:16 - 2015-07-06 00:26 - 0000600 _____ () C:\Users\Gabriele\AppData\Local\PUTTY.RND
2015-09-05 19:26 - 2015-09-05 19:26 - 0001235 _____ () C:\Users\Gabriele\AppData\Local\recently-used.xbel
2014-05-09 05:55 - 2014-05-09 05:55 - 0007605 _____ () C:\Users\Gabriele\AppData\Local\Resmon.ResmonCfg
2013-10-09 15:33 - 2013-10-09 15:34 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\Gabriele\AppData\Local\Temp\avgnt.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\䁉⸱㬳湁楴楖⵲䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㌮㬶嘠䙄㠠ㄮ⸱㌲⸵㠳※楗摮睯⁳‷潈敭倠敲業浵※敓癲捩⁥慐正ㄠ※湕瑩摥匠慴整㭳㈠㙡敤〰愳㕦㐸愲愰晡っ㍡攵扥搹捤㈳㙡敤〰㬳〠〰㄰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱唠㭓䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬰ㄠ※㬱朠潯汧⁥档潲敭※㬱㈠昴㜳搶ㄷ㥢㐴㠴㥢ㄳㅥ㈳搰㜶扦㈰㡤㤷㈴挹㭣ㄠ)Des卭㽨o耀Taerdl.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:29

==================== End of FRST.txt ============================
--- --- ---



Addition.txt

FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Gabriele (2015-10-14 18:34:28)
Running from C:\Users\Gabriele\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-09-30 09:28:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3537263833-1770889547-2365521400-500 - Administrator - Enabled)
Gabriele (S-1-5-21-3537263833-1770889547-2365521400-1000 - Administrator - Enabled) => C:\Users\Gabriele
Gast (S-1-5-21-3537263833-1770889547-2365521400-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.6.0.1031 - 360 Security Center)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.11 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{5dfbeba9-9f22-463d-8c95-c861911810a2}) (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.12.1445 - Avira Operations GmbH & Co. KG)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BazzISM2 AAX PT 10 2.5.0 (HKLM-x32\...\BazzISM2 AAX PT 10) (Version: 2.5.0 - intelligent sounds and music)
BazzISM2 AAX PT11 2.5.0 (HKLM-x32\...\BazzISM2 AAX PT11) (Version: 2.5.0 - intelligent sounds and music)
BazzISM2 VST2 2.5.0 (HKLM-x32\...\BazzISM2 VST2) (Version: 2.5.0 - intelligent sounds and music)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\Bitcoin Core (64-bit)) (Version: 0.10.2 - Bitcoin Core project)
Bitwig Studio (HKLM-x32\...\{94016811-ED72-49B1-9315-0E92EADBBE38}) (Version: 1.1.8 - Bitwig GmbH)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 1.0 - Dll-Files.com)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dr Glitter Light (HKLM-x32\...\Dr Glitter Light) (Version: 1.45 - Violet Industries)
Dragon's Lair (HKLM-x32\...\Steam App 227380) (Version:  - Digital Leisure Inc.)
DS4Windows (HKLM-x32\...\{9106FAA2-9086-44A3-A79B-8D1AA80CD802}) (Version: 1.5.13 - DSDCS)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2133 - Steinberg Media Technologies GmbH)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
ESEA Client (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version:  - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Glary Utilities 5.28 (HKLM-x32\...\Glary Utilities 5) (Version: 5.28.0.48 - Glarysoft Ltd)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\{AD492C53-49D3-30A1-837C-16E039DEC8C9}) (Version: 65.143.49221 - Google, Inc.)
Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gpg4win (2.2.3) (HKLM-x32\...\GPG4Win) (Version: 2.2.3 - The Gpg4win Project)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IndieVolume 3.5.99.171 (HKLM-x32\...\IndieVolume_is1) (Version: 3.5.99.171 - GerixSoft)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.1 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jack (HKLM-x32\...\Jack) (Version:  - )
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junction Link Magic 2.0 (HKLM\...\Junction Link Magic_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\{0E3DAF3D-FF69-345A-A99E-1FED304CA083}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\{02382870-19C7-3ACD-BBAE-F6E3760947DC}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
My.com Games (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\MyComGames) (Version: 3.120 - My.com B.V.)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NetCut 2.1.4 (HKLM-x32\...\NetCut_is1) (Version:  - arcai.com)
NETGEAR A6200 Genie (HKLM-x32\...\{638CBDD4-5014-44D1-930A-1E5AC6083542}) (Version: 1.0.0.0 - NETGEAR)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26599 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version:  - John Mulcahy)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Seven Phases Spectrum Analyzer (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\Seven Phases Spectrum Analyzer) (Version:  - )
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
skyforge_mycom (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\skyforge_mycom) (Version: 1.13 - My.com B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Slender: The Arrival (HKLM-x32\...\Steam App 252330) (Version:  - Blue Isle Studios)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spectrum Analyzer pro Live (HKLM-x32\...\Spectrum Analyzer pro Live) (Version: 2013 - PAS-Products)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.171.34768 - SteelSeries)
SteelSeries Engine 3.1.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.1.5 - SteelSeries ApS)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.0.0 - Steinberg Media Technologies GmbH)
Steinberg Cubase 7 64bit (HKLM\...\{57FB2180-0FC7-41FC-8D76-3C4271CF4422}) (Version: 7.0.2 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.6 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v1.01.3 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Synful Orchestra (HKLM\...\{FB51BBEB-2A5F-4DCE-9CF2-E71DA61D90A2}) (Version: 2.5.2 - Synful)
TCPEye 1.0 (HKLM-x32\...\{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1) (Version:  - Free Software Relase)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - En Masse Entertainment)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Tixati (HKLM-x32\...\tixati) (Version:  - )
UltraMap (HKLM-x32\...\UltraMap1.1.19) (Version: 1.1.19 - Ultimarc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
vJoy Device Driver 0.2.0.4 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.4 - Shaul Eizikovich)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Waves Complete V8r13 (HKLM-x32\...\{80000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 8.0.13 - Waves)
Wii U USB GCN adapter version 1.0 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 1.0 - Matt Cunningham)
WildStar (HKLM-x32\...\WildStar) (Version: 0.5.18.6490 - NCSOFT)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinImage (HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\...\WinImage) (Version:  - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{22EE0000-ECB1-486F-B928-990CECFE7B32}) (Version: 1.9.1407.2114 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gabriele\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gabriele\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Gabriele\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3537263833-1770889547-2365521400-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gabriele\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

==================== Restore Points =========================

14-10-2015 18:29:05 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {099E5BC5-607E-46F5-9B9F-C6048A53F4C1} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-09-10] (Avira Operations GmbH & Co. KG)
Task: {1C5C7680-B226-476C-9376-4923A8561797} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {2CF6003E-EA43-49D1-982E-72912F36B084} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-06-23] (Glarysoft Ltd)
Task: {62526319-2D7A-4E8E-97D4-76417E3FBB4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000Core => C:\Users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-13] (Google Inc.)
Task: {62B04C47-9B2D-4053-8892-2E8A601E6393} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-10-09] (Enigma Software Group USA, LLC.)
Task: {7376B23A-255E-4E65-87B5-1C11AFA9A4F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000UA => C:\Users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-13] (Google Inc.)
Task: {8AE7F728-46D5-4DA6-9C41-426487F7E1CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C34378B7-5113-418F-AB6D-A33718B741A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {C740885A-FA8A-4814-B362-C4F7D68CC34A} - \DLL-Files.Com Fixer_MONTHLY -> No File <==== ATTENTION
Task: {E7B03F9E-E86B-42BD-95BE-72C10F8F6F37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F965E5F2-DDE2-4308-9A8B-A6D7D6F5B841} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {FFD2CE39-E9E3-48B6-8C0C-9AA1DFB7A648} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000Core.job => C:\Users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000UA.job => C:\Users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-25 21:25 - 2014-11-25 21:25 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-01-19 03:03 - 2014-01-19 03:03 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-25 09:03 - 2013-03-26 17:36 - 00053976 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00577480 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-09-24 23:14 - 2015-09-21 06:10 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2014-11-25 21:11 - 2014-11-25 21:11 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-11-25 21:05 - 2014-11-25 21:05 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-11-25 20:57 - 2014-11-25 20:57 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-11-25 21:10 - 2014-11-25 21:10 - 00070144 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-11-25 21:13 - 2014-11-25 21:13 - 00742912 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-25 20:59 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 20:59 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:B1Rae0BgxUuh2Dk6agqbzgFPH5
AlternateDataStreams: C:\ProgramData\Microsoft:gTE9t1IqohBpiL6c905IrJXQ
AlternateDataStreams: C:\ProgramData\Microsoft:nFY89H5mgcAARRWoRvtxqY
AlternateDataStreams: C:\ProgramData\Microsoft:T5aNpzUZjgDyMGMCXqI6w
AlternateDataStreams: C:\Users\Gabriele\Lokale Einstellungen:CzxIw1tsyX2yz25eVDHNVl
AlternateDataStreams: C:\Users\Gabriele\AppData\Local:CzxIw1tsyX2yz25eVDHNVl
AlternateDataStreams: C:\Users\Gabriele\AppData\Local\23K0A8Mu6gPc30x:o9uJHPxd7tM7ia3ejAGu1x
AlternateDataStreams: C:\Users\Gabriele\AppData\Local\Anwendungsdaten:CzxIw1tsyX2yz25eVDHNVl

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3537263833-1770889547-2365521400-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 213.33.99.70 - 80.120.17.70
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SteelSeries Engine 3.lnk => C:\Windows\pss\SteelSeries Engine 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gabriele^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files (x86)\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EADM => "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Google Update => "C:\Users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoccatKonePure => "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{38C09CCC-7ECF-4DA4-9B0F-22DF7A7042A7}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C7862DA2-8387-4DFC-A3B8-1664AA5EFB07}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{60BF2C16-F102-4138-823A-D011DC0D3AA3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{93B6BF93-A65A-4FD9-8814-C665107DCFA9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BE7DF6E-A61C-49DC-AA22-5B6313361A61}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{37671804-72DE-4EEB-B13C-A02FC3152A51}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{123704B1-240B-4876-BD0B-4E0532CF3EB0}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B916EDE6-FEFD-41E3-A6EF-57818B76469D}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{642E1754-C984-43F4-B57F-CF371784B6D2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C7CE2162-5329-45DA-994B-A2B0279683C4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{E73C76E9-7EBF-4D7E-9824-59831976C489}D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{9A2EB677-A84C-4B62-8005-1FD4560E2B16}D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{11F91679-786C-46FA-848B-EE88568305ED}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3FA0362B-3763-4EC6-B475-A0955801FD1B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C5AE3B69-8C53-4768-892A-FF825D55BCC6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9C1BFEAC-2468-4739-A6A1-048B88E76016}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C2902A4F-9A41-4716-A77B-4D3D2364D7C7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{7520EED6-FC6E-4C6A-9C62-C6196391371E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E461B3C9-5A09-466F-B0A3-85DBD2EFA40B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{C6FC5C44-0EAB-4E57-846B-E5DD1DFDE75B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{4F6C5677-6295-423D-BAF0-4385BEE10C3C}] => (Allow) C:\Users\Gabriele\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{B1FDC665-BE35-4546-A9A8-1CE39A5167F3}] => (Allow) C:\Users\Gabriele\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{D9FBB588-A758-46AE-949F-CD4FFE9EE85F}C:\users\gabriele\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\gabriele\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{210E284E-D4CB-4CAD-A600-78ABD6F81FBE}C:\users\gabriele\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\gabriele\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{E2A8165C-D076-437C-B96B-5FD272D9B792}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3CF0AD21-9BE8-442E-83F2-A15390E59005}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{BBA13D95-05CB-4F88-B210-88B348D42025}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{CBF91E68-EA78-4991-A322-C45E5C0D438A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{62126073-2FB2-4974-A754-8476BBD2A053}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [{16A2ED0F-C164-47C8-B7EB-9049E6C04FD4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [{E93B46B4-34E7-4C65-943B-C739C84D1BDB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{55100AA0-106C-45C9-9AF8-4D307A00193A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{FF8FB936-CB93-4294-8E58-8252CDB748E3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{1DA62773-2319-4A73-88B2-3289FA0D3EF8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [TCP Query User{E7D9E5F4-06AD-4E39-A7DE-C0F4DF8D5630}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{40DF014B-1F1C-4BD6-A0CD-2D6F4634AE76}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{F9570C97-1486-4000-BDDB-423904FB5E86}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC701516-0570-4048-BFFF-587A27457F1D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A57902A7-19CF-4897-8F4E-49026BA219F6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{713873A0-98D8-4039-BD6D-1D1A2D49A878}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{B8877121-C17F-49D5-8B9A-D0A5A145C028}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{11EDBE63-49DF-4647-8C79-41D14A245E03}] => (Allow) LPort=51111
FirewallRules: [{536EFD1B-EFC2-4EAE-AAE6-F9FFBD649708}] => (Allow) LPort=51112
FirewallRules: [{812E6F3B-08F9-4226-BD41-0011781F4B5C}] => (Allow) LPort=51113
FirewallRules: [{7C5B9987-17B7-49E3-9F8C-30E5696FC285}] => (Allow) D:\Cubase7.exe
FirewallRules: [TCP Query User{51B548B1-6213-44AA-B8AA-FB7B3D7FC6B2}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [UDP Query User{BD902C31-4816-476C-B641-4EA72AC6B7B8}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [{C1319D76-766E-42F7-A6C2-F08DCC6E2189}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{FB909E8B-A93E-45D3-8724-6F7D120C1483}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{E21D057C-920D-4D8A-BD09-0F98B6241316}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TERA\TERA-Launcher.exe
FirewallRules: [{343D48DE-2AFC-48BE-8B70-5AE8EBB7CFA4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TERA\TERA-Launcher.exe
FirewallRules: [TCP Query User{26AD641C-C6BF-4399-812B-092C604D14C4}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{595A5932-96E7-4919-8007-4A5FC0A1C298}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{736A3F76-71D6-4441-804D-293D69651716}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4FAC522E-66B0-4E63-9F18-07CDB21DF472}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E649F92C-787E-4069-A360-82F1225F9D23}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CC49DD0E-61FE-47A2-B1F1-06835519BA8A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{166CE41C-9C2B-4F42-88B7-C2845A95C3AD}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Block) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [UDP Query User{7E7DF6BA-067A-4A7A-92E5-5F9DB8C70787}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Block) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [TCP Query User{0ECC9CCF-5AB8-490E-B6BF-4F77C7016983}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{5292880E-FED6-4C4F-93E2-8AE89782E9D9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{41D831A8-4956-4EC6-92B5-56A9E8087B8F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{A0939E3D-32B5-400F-A2D1-AF02584D1AE8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{8646A225-BB88-4E02-A270-46C3843F1AB7}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Block) C:\program files (x86)\pando networks\media booster\pmb.exe
FirewallRules: [UDP Query User{2C241BF7-E63F-4D79-B8E0-78095C332F22}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Block) C:\program files (x86)\pando networks\media booster\pmb.exe
FirewallRules: [{79643A7E-2039-48B4-A127-9827F32151D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D56B18CF-74D3-4F67-8C7C-5542D2E323E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{59E7921B-0756-46ED-AE6F-1F46F98A0AA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{254FA70A-42D1-4A44-BF97-11C1B03D5AF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{72D708E3-F496-4AEE-86DF-2D5FF6EAFDE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C89E905E-BE68-4E95-A486-9A77009F562C}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D9E1CBFA-4445-4011-9E34-B8D3C6BD3A00}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{AEFDD538-2C7B-44C5-A00E-837ABB65ABF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{352C01C7-CED5-4EFA-8DBA-C85E75EC20B5}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{59D09930-ECC9-42FF-A2B8-BF9C12008AFA}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{1C252C9B-916B-4A03-83C2-41E08A2B2567}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{CAA7824D-BC79-45E6-89CC-2D288D06C6F7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{9210E3FE-17DB-4DB0-8F75-3CCA835D0B2E}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{B2F45704-8171-404F-AB28-C0FE157CCD3D}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{489A1748-7B1C-4F2E-A691-9A4E79FE4E36}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{0CF9AE75-3EE8-435F-BB7C-25E6B5C4750F}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Faulty Device Manager Devices =============

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ESEADriver2
Description: ESEADriver2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ESEADriver2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2015 06:03:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 05:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 02:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 02:42:33 PM) (Source: $(ProductName) Service Host) (EventID: 0) (User: )
Description: Failed to process session change. Avira.OE.Communicator.Interface.BackendAuthenticationException: Authentication failed. Reason: RequestFailed
   at Avira.OE.Communicator.Communicator.EnsureAuthenticated()
   at Avira.OE.Communicator.Communicator.ExecuteRequest(Message msg, Boolean withAuthentication)
   at Avira.OE.Communicator.Communicator.CreateAndSendDeviceUpdateDataMessage(String userSid)
   at Avira.OE.Communicator.Communicator.SessionChanged(Session newActiveSession, Session previousActiveSession)
   at Avira.OE.Communicator.Communicator.OnActiveSessionChanged(Object sender, ActiveSessionChangedEventArgs activeSessionChangedEventArgs)
   at Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 evt, Object sender, T e)
   at Avira.OE.ServiceHost.SessionManager.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(Object sender, SessionChangeEventArgs args)
   at Avira.OE.ServiceHost.WindowsService.OnSessionChange(SessionChangeDescription changeDescr...

Error: (10/14/2015 01:33:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2015 03:51:52 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2015 03:51:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2015 03:51:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2015 03:51:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
	Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/11/2015 03:51:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (10/14/2015 06:34:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 06:24:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 06:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 06:04:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 06:03:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
%%2

Error: (10/14/2015 06:03:02 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (10/14/2015 06:02:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 05:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 05:42:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2015 05:41:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5


CodeIntegrity:
===================================
  Date: 2015-04-29 22:14:34.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-29 22:14:34.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-19 21:02:10.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-19 21:02:10.116
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 29%
Total physical RAM: 16339.14 MB
Available physical RAM: 11478.3 MB
Total Virtual: 16337.32 MB
Available Virtual: 11284.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.57 GB) (Free:9.59 GB) NTFS
Drive d: (Data) (Fixed) (Total:929.43 GB) (Free:175.33 GB) NTFS
Drive e: (HI-TECH driver) (Fixed) (Total:1.95 GB) (Free:0.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
         
--- --- ---



EDIT: I shouldn't click "Fix", should I?
__________________

Last edited by HornZ (14.10.2015 at 19:29)

Old 15.10.2015, 14:13   #4
schrauber
/// the machine
/// TB-Ausbilder
 


No, only when I tell you to.

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. That should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 16.10.2015, 15:17   #5
HornZ
 

Hello,

During the registry backup step at the start, and again when saving the log, I got this error message:

"Error saving file
C:\Windows\erdnt\Hiv-backup\Users\00000004\FILECA~1.DAT !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]"

I also noticed that I still had a Windoof Defender active that I had never seen before and that has been outdated since 2013 :b. That wasn't the reason for the error, but I ran another scan right away in case it had blocked something ^^


Code:
ComboFix 15-10-15.01 - Gabriele i 16/10/15  15:20:44.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16339.13290 [GMT 2:00]
Running from: c:\users\Gabriele\Desktop\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\SysWow64\hookdll.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-16 to 2015-10-16  )))))))))))))))))))))))))))))))
.
.
2015-10-16 13:24 . 2015-10-16 13:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-10-16 12:42 . 2015-10-16 12:42	222	----a-w-	c:\users\Gabriele\advanced_ip_scanner_MAC.bin
2015-10-16 12:27 . 2015-10-16 12:27	--------	d-----w-	c:\program files (x86)\Advanced IP Scanner
2015-10-16 12:25 . 2015-10-16 12:25	--------	d-----w-	c:\users\Gabriele\AppData\Local\GlassWire
2015-10-16 12:25 . 2015-05-29 04:15	33248	----a-w-	c:\windows\system32\drivers\gwdrv.sys
2015-10-16 12:25 . 2015-10-16 12:25	--------	d-----w-	c:\programdata\GlassWire
2015-10-16 12:25 . 2015-10-16 12:25	--------	d-----w-	c:\program files (x86)\GlassWire
2015-10-16 12:16 . 2015-08-31 22:45	11062400	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEA5B9AB-AE4D-49A6-8580-D989A9FEE983}\mpengine.dll
2015-10-15 18:53 . 2015-10-15 18:53	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\CCGetMAC
2015-10-15 18:53 . 2015-10-15 18:53	--------	d-----w-	c:\program files (x86)\CCGetMAC
2015-10-14 18:13 . 2015-10-14 18:13	--------	d-----w-	C:\$WINDOWS.~BT
2015-10-14 17:39 . 2015-10-14 17:39	--------	d-----w-	C:\$Windows.~WS
2015-10-14 17:22 . 2015-01-07 03:28	96768	----a-w-	c:\windows\system32\gpapi.dll
2015-10-14 17:22 . 2015-01-07 03:28	792064	----a-w-	c:\windows\system32\gpsvc.dll
2015-10-14 17:22 . 2015-01-07 03:07	79872	----a-w-	c:\windows\SysWow64\gpapi.dll
2015-10-14 17:22 . 2015-01-07 01:52	105472	----a-w-	c:\windows\system32\drivers\dfsc.sys
2015-10-14 17:22 . 2015-01-07 04:12	15360	----a-w-	c:\windows\system32\drivers\de-DE\mup.sys.mui
2015-10-14 17:22 . 2015-01-07 03:15	104896	----a-w-	c:\windows\system32\drivers\mup.sys
2015-10-14 17:22 . 2015-01-07 03:04	12800	----a-w-	c:\windows\system32\drivers\en-US\mup.sys.mui
2015-10-14 17:22 . 2015-01-07 01:54	316416	----a-w-	c:\windows\system32\drivers\rdbss.sys
2015-10-14 17:16 . 2015-10-14 17:16	--------	d-----w-	c:\program files (x86)\WinDirStat
2015-10-14 16:33 . 2015-10-14 18:10	--------	d-----w-	C:\FRST
2015-10-14 13:15 . 2015-10-14 15:49	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-10-14 11:45 . 2015-07-01 09:11	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6EDF72-12C0-405A-9E4C-E3597AE10E49}\gapaengine.dll
2015-10-14 11:41 . 2015-08-06 18:06	14182912	----a-w-	c:\windows\system32\shell32.dll
2015-10-14 11:41 . 2015-08-06 18:06	1867776	----a-w-	c:\windows\system32\ExplorerFrame.dll
2015-10-11 14:20 . 2015-10-11 14:20	--------	d-----w-	c:\users\Gabriele\AppData\Local\TERA
2015-10-10 16:25 . 2015-10-10 16:25	--------	d-----w-	c:\programdata\GridinSoft
2015-10-09 22:58 . 2015-10-16 13:24	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-09 22:58 . 2015-10-14 15:42	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-10-09 22:58 . 2015-10-14 15:31	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-10-09 22:58 . 2015-10-09 22:58	--------	d-----w-	c:\programdata\Malwarebytes
2015-10-09 22:58 . 2015-10-05 07:50	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-10-09 22:58 . 2015-10-05 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-10-09 22:37 . 2015-10-09 22:45	--------	d-----w-	C:\AdwCleaner
2015-10-09 22:36 . 2015-10-09 22:36	1682432	----a-w-	c:\program files (x86)\AdwCleaner.exe
2015-10-09 21:12 . 2015-10-09 22:22	--------	d-----w-	c:\programdata\RegRun
2015-10-09 21:11 . 2015-10-09 21:11	2	--shatr-	c:\windows\winstart.bat
2015-10-09 21:10 . 2015-10-14 14:02	--------	d-----w-	c:\program files (x86)\UnHackMe
2015-10-09 20:59 . 2015-10-09 22:39	--------	d-----w-	c:\windows\system32\log
2015-10-09 20:36 . 2015-10-09 20:36	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\Enigma Software Group
2015-10-09 20:36 . 2015-10-09 20:36	--------	d-----w-	C:\sh4ldr
2015-10-09 20:35 . 2015-10-09 20:35	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2015-10-09 20:35 . 2015-10-09 20:35	--------	d-----w-	c:\program files\Enigma Software Group
2015-10-02 14:40 . 2015-10-02 14:40	17314496	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-24 21:17 . 2015-10-14 15:43	--------	d-----w-	C:\$360Section
2015-09-24 21:15 . 2015-10-14 16:02	--------	d-----w-	c:\programdata\360Quarant
2015-09-24 21:15 . 2015-10-04 22:25	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\360safe
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\360TotalSecurity
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\programdata\360TotalSecurity
2015-09-24 21:14 . 2015-10-14 15:49	--------	d-----w-	c:\programdata\360safe
2015-09-24 21:14 . 2015-09-21 04:10	363088	----a-w-	c:\windows\system32\drivers\360fsflt.sys
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----r-	C:\360SANDBOX
2015-09-24 21:14 . 2015-09-21 04:10	40520	----a-w-	c:\windows\system32\drivers\360Camera64.sys
2015-09-24 21:14 . 2015-09-21 04:10	319568	----a-w-	c:\windows\system32\drivers\360Box64.sys
2015-09-24 21:14 . 2015-09-21 04:10	137296	----a-w-	c:\windows\system32\drivers\360AntiHacker64.sys
2015-09-24 21:14 . 2015-09-21 04:10	178768	----a-w-	c:\windows\system32\drivers\BAPIDRV64.SYS
2015-09-24 21:14 . 2015-09-21 04:10	77904	----a-w-	c:\windows\system32\drivers\360AvFlt.sys
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\program files (x86)\Common Files\AV
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\program files (x86)\360
2015-09-19 10:36 . 2015-10-07 17:47	--------	d-----w-	c:\users\Gabriele\AppData\Local\Apple Inc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-14 16:32 . 2013-10-11 19:19	143481208	----a-w-	c:\windows\system32\MRT.exe
2015-09-28 20:17 . 2015-10-14 11:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-09-22 14:30 . 2013-09-30 09:34	780488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 14:30 . 2013-09-30 09:34	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 03:10 . 2015-09-09 12:46	41984	----a-w-	c:\windows\system32\lpk.dll
2015-09-02 03:10 . 2015-09-09 12:46	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-09-02 03:10 . 2015-09-09 12:46	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-09-02 03:10 . 2015-09-09 12:46	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-09-02 02:37 . 2015-09-09 12:46	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-09-02 02:37 . 2015-09-09 12:46	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-09-02 02:37 . 2015-09-09 12:46	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-09-02 02:36 . 2015-09-09 12:46	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-09-02 01:56 . 2015-09-09 12:46	3212288	----a-w-	c:\windows\system32\win32k.sys
2015-09-02 01:52 . 2015-09-09 12:46	372736	----a-w-	c:\windows\system32\atmfd.dll
2015-09-02 01:32 . 2015-09-09 12:46	299520	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-08-05 18:04 . 2015-09-09 12:46	1110528	----a-w-	c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 12:46	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 12:46	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 12:46	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-11 19:16	1648128	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-11 19:16	1180160	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 19:16	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 19:16	1251328	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-11 19:16	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 00:41	103120	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-12 00:41	124624	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-24 04:21 . 2014-07-15 12:18	1316000	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-07-24 04:21 . 2014-01-23 15:01	1423304	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-07-24 04:21 . 2014-07-15 12:18	1756608	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-07-24 04:21 . 2014-01-23 15:01	1710568	----a-w-	c:\windows\system32\nvspcap64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndieVolume"="d:\program files (x86)\IndieVolume\IndieVolume.GUI.exe" [2013-04-02 3736576]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2015-10-13 10518528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-09-21 1287800]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-09-10 66320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" [2015-09-10 10630200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ESEADriver2;ESEADriver2;c:\users\Gabriele\AppData\Local\Temp\ESEADriver2.sys;c:\users\Gabriele\AppData\Local\Temp\ESEADriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 a2djavs;Audio 2 DJ WDM Audio;c:\windows\system32\Drivers\a2djavs.sys;c:\windows\SYSNATIVE\Drivers\a2djavs.sys [x]
R3 a2djusb_svc;Audio 2 DJ;c:\windows\system32\Drivers\a2djusb.sys;c:\windows\SYSNATIVE\Drivers\a2djusb.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 celavimushost;Celavimus Client Host;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ks4avs;Kontrol S4 WDM Audio;c:\windows\system32\Drivers\ks4avs.sys;c:\windows\SYSNATIVE\Drivers\ks4avs.sys [x]
R3 ks4usb_svc;Traktor Kontrol S4;c:\windows\system32\Drivers\ks4usb.sys;c:\windows\SYSNATIVE\Drivers\ks4usb.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzmpos;rzmpos;c:\windows\system32\DRIVERS\rzmpos.sys;c:\windows\SYSNATIVE\DRIVERS\rzmpos.sys [x]
R3 rzp1endpt;Razer platform 1 end point;c:\windows\system32\DRIVERS\rzp1endpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzp1endpt.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 rzvmouse;Razer Virtual Mouse;c:\windows\system32\DRIVERS\rzvmouse.sys;c:\windows\SYSNATIVE\DRIVERS\rzvmouse.sys [x]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe;c:\program files (x86)\netcut\services\AIPS.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
S2 IndieVolumeService;IndieVolume Service;d:\program files (x86)\IndieVolume\IndieVolume.SVC.exe;d:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WNDA6200;NETGEAR A6200 Service;c:\program files (x86)\NETGEAR\A6200\WifiService.exe;c:\program files (x86)\NETGEAR\A6200\WifiService.exe [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 vjoy;vJoy Device;c:\windows\system32\DRIVERS\vjoy.sys;c:\windows\SYSNATIVE\DRIVERS\vjoy.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - IndieVolumeDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-14 17:31	997704	----a-w-	c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000Core.job
- c:\users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-16 23:37]
.
2015-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000UA.job
- c:\users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-16 23:37]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.33.99.70 80.120.17.70
FF - ProfilePath - c:\users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\i4cqazf6.default-1436642927618\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Seven Phases Spectrum Analyzer - c:\program files (x86)\Steinberg\Cubase 5\VST 2\Seven Phases\Seven Phases Spectrum Analyzer\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{77E8143B-6759-416E-B521-82CFED75150B}"=hex:51,66,7a,6c,4c,1d,38,12,55,17,fb,
   73,6b,29,00,04,ca,37,c1,8f,e8,2b,51,1f
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:34,c3,06,de,50,15,d0,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,8d,75,05,32,6a,fa,41,8f,48,39,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,8d,75,05,32,6a,fa,41,8f,48,39,\
.
[HKEY_USERS\S-1-5-21-3537263833-1770889547-2365521400-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDEE968F-2DA1-6B82-67B7-2BB4EACFA56D}*]
"labcgbmdfogakchhmnafhcoo"=hex:65,62,6a,68,65,63,62,69,6f,67,70,61,68,6f,64,6a,
   6b,62,62,6a,6d,6a,64,69,65,67,6d,67,6f,64,6f,6b,6c,6a,65,6d,6b,65,63,67,62,\
"lalanbggahpejjbnilfbegpm"=hex:65,62,6b,68,63,64,6a,65,65,64,6e,63,6d,68,64,65,
   62,6c,69,65,63,69,6f,6a,6a,65,70,62,68,6c,69,64,66,64,6c,68,61,63,6c,68,62,\
"hakbcefbpcfbajpc"=hex:6f,61,6e,64,68,69,66,6e,6e,6a,6a,70,67,67,69,70,6b,63,
   69,63,62,68,64,6f,6c,6c,63,70,6c,62,00,ff
"hakbcefbmcecgkeb"=hex:6f,61,67,6a,6c,62,6f,6e,6f,66,61,6b,6d,6a,70,62,6b,68,
   66,6d,61,62,66,61,6a,65,64,62,6a,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\360\Total Security\safemon\QHWatchdog.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe
.
**************************************************************************
.
Completion time: 2015-10-16  15:26:53 - machine was rebooted
ComboFix-quarantined-files.txt  2015-10-16 13:26
.
Pre-Run: 20,302,221,312 bytes free
Post-Run: 20,150,194,176 bytes free
.
- - End Of File - - C18F911A9031EE79E913187970246C05
A36C5E4F47E84449FF07ED3517B43A31
         
Here is the log after disabling:
Code:
ATTFilter
ComboFix 15-10-15.01 - Gabriele i 16/10/15  16:16:43.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16339.14234 [GMT 2:00]
Running from: c:\users\Gabriele\Desktop\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-16 to 2015-10-16  )))))))))))))))))))))))))))))))
.
.
2015-10-16 14:19 . 2015-10-16 14:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-10-16 14:19 . 2015-10-16 14:19	--------	d-----w-	c:\users\admin\AppData\Local\temp
2015-10-16 12:42 . 2015-10-16 12:42	222	----a-w-	c:\users\Gabriele\advanced_ip_scanner_MAC.bin
2015-10-16 12:27 . 2015-10-16 12:27	--------	d-----w-	c:\program files (x86)\Advanced IP Scanner
2015-10-16 12:25 . 2015-10-16 12:25	--------	d-----w-	c:\users\Gabriele\AppData\Local\GlassWire
2015-10-16 12:25 . 2015-05-29 04:15	33248	----a-w-	c:\windows\system32\drivers\gwdrv.sys
2015-10-16 12:25 . 2015-10-16 12:25	--------	d-----w-	c:\programdata\GlassWire
2015-10-16 12:25 . 2015-10-16 12:25	--------	d-----w-	c:\program files (x86)\GlassWire
2015-10-16 12:16 . 2015-08-31 22:45	11062400	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEA5B9AB-AE4D-49A6-8580-D989A9FEE983}\mpengine.dll
2015-10-15 18:53 . 2015-10-15 18:53	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\CCGetMAC
2015-10-15 18:53 . 2015-10-15 18:53	--------	d-----w-	c:\program files (x86)\CCGetMAC
2015-10-14 18:13 . 2015-10-14 18:13	--------	d-----w-	C:\$WINDOWS.~BT
2015-10-14 17:39 . 2015-10-14 17:39	--------	d-----w-	C:\$Windows.~WS
2015-10-14 17:22 . 2015-01-07 03:28	96768	----a-w-	c:\windows\system32\gpapi.dll
2015-10-14 17:22 . 2015-01-07 03:28	792064	----a-w-	c:\windows\system32\gpsvc.dll
2015-10-14 17:22 . 2015-01-07 03:07	79872	----a-w-	c:\windows\SysWow64\gpapi.dll
2015-10-14 17:22 . 2015-01-07 01:52	105472	----a-w-	c:\windows\system32\drivers\dfsc.sys
2015-10-14 17:22 . 2015-01-07 04:12	15360	----a-w-	c:\windows\system32\drivers\de-DE\mup.sys.mui
2015-10-14 17:22 . 2015-01-07 03:15	104896	----a-w-	c:\windows\system32\drivers\mup.sys
2015-10-14 17:22 . 2015-01-07 03:04	12800	----a-w-	c:\windows\system32\drivers\en-US\mup.sys.mui
2015-10-14 17:22 . 2015-01-07 01:54	316416	----a-w-	c:\windows\system32\drivers\rdbss.sys
2015-10-14 17:16 . 2015-10-14 17:16	--------	d-----w-	c:\program files (x86)\WinDirStat
2015-10-14 16:33 . 2015-10-14 18:10	--------	d-----w-	C:\FRST
2015-10-14 13:15 . 2015-10-14 15:49	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-10-14 11:45 . 2015-07-01 09:11	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6EDF72-12C0-405A-9E4C-E3597AE10E49}\gapaengine.dll
2015-10-14 11:41 . 2015-08-06 18:06	14182912	----a-w-	c:\windows\system32\shell32.dll
2015-10-14 11:41 . 2015-08-06 18:06	1867776	----a-w-	c:\windows\system32\ExplorerFrame.dll
2015-10-11 14:20 . 2015-10-11 14:20	--------	d-----w-	c:\users\Gabriele\AppData\Local\TERA
2015-10-10 16:25 . 2015-10-10 16:25	--------	d-----w-	c:\programdata\GridinSoft
2015-10-09 22:58 . 2015-10-16 14:13	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-09 22:58 . 2015-10-14 15:42	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-10-09 22:58 . 2015-10-14 15:31	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-10-09 22:58 . 2015-10-09 22:58	--------	d-----w-	c:\programdata\Malwarebytes
2015-10-09 22:58 . 2015-10-05 07:50	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-10-09 22:58 . 2015-10-05 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-10-09 22:37 . 2015-10-09 22:45	--------	d-----w-	C:\AdwCleaner
2015-10-09 22:36 . 2015-10-09 22:36	1682432	----a-w-	c:\program files (x86)\AdwCleaner.exe
2015-10-09 21:12 . 2015-10-09 22:22	--------	d-----w-	c:\programdata\RegRun
2015-10-09 21:11 . 2015-10-09 21:11	2	--shatr-	c:\windows\winstart.bat
2015-10-09 21:10 . 2015-10-14 14:02	--------	d-----w-	c:\program files (x86)\UnHackMe
2015-10-09 20:59 . 2015-10-09 22:39	--------	d-----w-	c:\windows\system32\log
2015-10-09 20:36 . 2015-10-09 20:36	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\Enigma Software Group
2015-10-09 20:36 . 2015-10-09 20:36	--------	d-----w-	C:\sh4ldr
2015-10-09 20:35 . 2015-10-09 20:35	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2015-10-09 20:35 . 2015-10-09 20:35	--------	d-----w-	c:\program files\Enigma Software Group
2015-10-02 14:40 . 2015-10-02 14:40	17314496	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-24 21:17 . 2015-10-14 15:43	--------	d-----w-	C:\$360Section
2015-09-24 21:15 . 2015-10-14 16:02	--------	d-----w-	c:\programdata\360Quarant
2015-09-24 21:15 . 2015-10-04 22:25	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\360safe
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\users\Gabriele\AppData\Roaming\360TotalSecurity
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\programdata\360TotalSecurity
2015-09-24 21:14 . 2015-10-14 15:49	--------	d-----w-	c:\programdata\360safe
2015-09-24 21:14 . 2015-09-21 04:10	363088	----a-w-	c:\windows\system32\drivers\360fsflt.sys
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----r-	C:\360SANDBOX
2015-09-24 21:14 . 2015-09-21 04:10	40520	----a-w-	c:\windows\system32\drivers\360Camera64.sys
2015-09-24 21:14 . 2015-09-21 04:10	319568	----a-w-	c:\windows\system32\drivers\360Box64.sys
2015-09-24 21:14 . 2015-09-21 04:10	137296	----a-w-	c:\windows\system32\drivers\360AntiHacker64.sys
2015-09-24 21:14 . 2015-09-21 04:10	178768	----a-w-	c:\windows\system32\drivers\BAPIDRV64.SYS
2015-09-24 21:14 . 2015-09-21 04:10	77904	----a-w-	c:\windows\system32\drivers\360AvFlt.sys
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\program files (x86)\Common Files\AV
2015-09-24 21:14 . 2015-09-24 21:14	--------	d-----w-	c:\program files (x86)\360
2015-09-19 10:36 . 2015-10-07 17:47	--------	d-----w-	c:\users\Gabriele\AppData\Local\Apple Inc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-14 16:32 . 2013-10-11 19:19	143481208	----a-w-	c:\windows\system32\MRT.exe
2015-09-28 20:17 . 2015-10-14 11:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-09-22 14:30 . 2013-09-30 09:34	780488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 14:30 . 2013-09-30 09:34	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 03:10 . 2015-09-09 12:46	41984	----a-w-	c:\windows\system32\lpk.dll
2015-09-02 03:10 . 2015-09-09 12:46	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-09-02 03:10 . 2015-09-09 12:46	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-09-02 03:10 . 2015-09-09 12:46	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-09-02 02:37 . 2015-09-09 12:46	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-09-02 02:37 . 2015-09-09 12:46	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-09-02 02:37 . 2015-09-09 12:46	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-09-02 02:36 . 2015-09-09 12:46	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-09-02 01:56 . 2015-09-09 12:46	3212288	----a-w-	c:\windows\system32\win32k.sys
2015-09-02 01:52 . 2015-09-09 12:46	372736	----a-w-	c:\windows\system32\atmfd.dll
2015-09-02 01:32 . 2015-09-09 12:46	299520	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-08-05 18:04 . 2015-09-09 12:46	1110528	----a-w-	c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 12:46	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 12:46	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 12:46	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-11 19:16	1648128	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-11 19:16	1180160	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 19:16	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 19:16	1251328	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-11 19:16	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 00:41	103120	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-12 00:41	124624	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-24 04:21 . 2014-07-15 12:18	1316000	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-07-24 04:21 . 2014-01-23 15:01	1423304	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-07-24 04:21 . 2014-07-15 12:18	1756608	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-07-24 04:21 . 2014-01-23 15:01	1710568	----a-w-	c:\windows\system32\nvspcap64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndieVolume"="d:\program files (x86)\IndieVolume\IndieVolume.GUI.exe" [2013-04-02 3736576]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2015-10-13 10518528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-09-21 1287800]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-09-10 66320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" [2015-09-10 10630200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ESEADriver2;ESEADriver2;c:\users\Gabriele\AppData\Local\Temp\ESEADriver2.sys;c:\users\Gabriele\AppData\Local\Temp\ESEADriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 a2djavs;Audio 2 DJ WDM Audio;c:\windows\system32\Drivers\a2djavs.sys;c:\windows\SYSNATIVE\Drivers\a2djavs.sys [x]
R3 a2djusb_svc;Audio 2 DJ;c:\windows\system32\Drivers\a2djusb.sys;c:\windows\SYSNATIVE\Drivers\a2djusb.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 celavimushost;Celavimus Client Host;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ks4avs;Kontrol S4 WDM Audio;c:\windows\system32\Drivers\ks4avs.sys;c:\windows\SYSNATIVE\Drivers\ks4avs.sys [x]
R3 ks4usb_svc;Traktor Kontrol S4;c:\windows\system32\Drivers\ks4usb.sys;c:\windows\SYSNATIVE\Drivers\ks4usb.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzmpos;rzmpos;c:\windows\system32\DRIVERS\rzmpos.sys;c:\windows\SYSNATIVE\DRIVERS\rzmpos.sys [x]
R3 rzp1endpt;Razer platform 1 end point;c:\windows\system32\DRIVERS\rzp1endpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzp1endpt.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 rzvmouse;Razer Virtual Mouse;c:\windows\system32\DRIVERS\rzvmouse.sys;c:\windows\SYSNATIVE\DRIVERS\rzvmouse.sys [x]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe;c:\program files (x86)\netcut\services\AIPS.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IndieVolumeService;IndieVolume Service;d:\program files (x86)\IndieVolume\IndieVolume.SVC.exe;d:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WNDA6200;NETGEAR A6200 Service;c:\program files (x86)\NETGEAR\A6200\WifiService.exe;c:\program files (x86)\NETGEAR\A6200\WifiService.exe [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 vjoy;vJoy Device;c:\windows\system32\DRIVERS\vjoy.sys;c:\windows\SYSNATIVE\DRIVERS\vjoy.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IndieVolumeDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-14 17:31	997704	----a-w-	c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000Core.job
- c:\users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-16 23:37]
.
2015-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3537263833-1770889547-2365521400-1000UA.job
- c:\users\Gabriele\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-16 23:37]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.33.99.70 80.120.17.70
FF - ProfilePath - c:\users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\i4cqazf6.default-1436642927618\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{77E8143B-6759-416E-B521-82CFED75150B}"=hex:51,66,7a,6c,4c,1d,38,12,55,17,fb,
   73,6b,29,00,04,ca,37,c1,8f,e8,2b,51,1f
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:34,c3,06,de,50,15,d0,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,8d,75,05,32,6a,fa,41,8f,48,39,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,8d,75,05,32,6a,fa,41,8f,48,39,\
.
[HKEY_USERS\S-1-5-21-3537263833-1770889547-2365521400-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDEE968F-2DA1-6B82-67B7-2BB4EACFA56D}*]
"labcgbmdfogakchhmnafhcoo"=hex:65,62,6a,68,65,63,62,69,6f,67,70,61,68,6f,64,6a,
   6b,62,62,6a,6d,6a,64,69,65,67,6d,67,6f,64,6f,6b,6c,6a,65,6d,6b,65,63,67,62,\
"lalanbggahpejjbnilfbegpm"=hex:65,62,6b,68,63,64,6a,65,65,64,6e,63,6d,68,64,65,
   62,6c,69,65,63,69,6f,6a,6a,65,70,62,68,6c,69,64,66,64,6c,68,61,63,6c,68,62,\
"hakbcefbpcfbajpc"=hex:6f,61,6e,64,68,69,66,6e,6e,6a,6a,70,67,67,69,70,6b,63,
   69,63,62,68,64,6f,6c,6c,63,70,6c,62,00,ff
"hakbcefbmcecgkeb"=hex:6f,61,67,6a,6c,62,6f,6e,6f,66,61,6b,6d,6a,70,62,6b,68,
   66,6d,61,62,66,61,6a,65,64,62,6a,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-16  16:21:07
ComboFix-quarantined-files.txt  2015-10-16 14:21
ComboFix2.txt  2015-10-16 13:26
.
Pre-Run: 20,069,232,640 bytes free
Post-Run: 19,903,041,536 bytes free
.
- - End Of File - - B4D7AD80A3249C5A58F3A6997FAAF09F
A36C5E4F47E84449FF07ED3517B43A31
         
Thanks again for the help!


Last edited by HornZ (16.10.2015 at 15:31)
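The "Reg Loading Points" section of the ComboFix log above is normally read by eye. As an added example (not from this thread, from ComboFix or from any of the tools it mentions), here is a small Python checker that parses that section and flags the hardening-relevant entries visible in the posted log: UAC switched off (EnableLUA=0), admin elevation without a prompt, AppInit_DLLs loading enabled, and a kernel driver whose image sits under a Temp directory. The sample excerpt is copied from the log posted above and trimmed; the regexes and the wording of the findings are mine.

```python
import re
from dataclasses import dataclass

# Excerpt constructed from the ComboFix log posted in this thread, trimmed to a
# handful of representative lines (registry key blocks end with a lone ".").
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2015-10-13 10518528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 ESEADriver2;ESEADriver2;c:\users\Gabriele\AppData\Local\Temp\ESEADriver2.sys;c:\users\Gabriele\AppData\Local\Temp\ESEADriver2.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                            # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')                # "Name"= value
DWORD_RE = re.compile(r"^\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$")    # 0 (0x0)
# Service/driver line: <start type> <name>;<display name>;<image path>;<resolved path> [x]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);([^;]*);([^;]*) \[[xX]\]$")


@dataclass(frozen=True)
class Finding:
    where: str    # registry key (lower-cased) or service name the finding refers to
    detail: str   # why a defender would want to look at it


def parse_loading_points(text):
    """Split the section into {key: {value_name: raw_value}} and a list of service tuples."""
    keys, services, current = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group(1)] = m.group(2)
        elif m := SERVICE_RE.match(line):
            services.append(m.groups())
    return keys, services


def _dword(raw):
    """Turn ComboFix's '0 (0x0)' rendering into an int, or None if it is not a DWORD."""
    m = DWORD_RE.match(raw)
    return int(m.group(1)) if m else None


def audit(text):
    """Return the hardening-relevant findings in a 'Reg Loading Points' section."""
    keys, services = parse_loading_points(text)
    findings = []
    for key, values in keys.items():
        if key.endswith(r"\policies\system"):
            if _dword(values.get("EnableLUA", "")) == 0:
                findings.append(Finding(key, "EnableLUA=0: UAC is switched off, so anything an "
                                             "admin user runs gets a full admin token"))
            if _dword(values.get("ConsentPromptBehaviorAdmin", "")) == 0:
                findings.append(Finding(key, "ConsentPromptBehaviorAdmin=0: elevation without prompt"))
        if key.endswith(r"\windows nt\currentversion\windows") and \
                _dword(values.get("LoadAppInit_DLLs", "")) == 1:
            findings.append(Finding(key, "LoadAppInit_DLLs=1: DLLs listed in AppInit_DLLs are "
                                         "loaded into every process that maps user32.dll"))
    for start, name, _display, path, _resolved in services:
        # A kernel driver or service whose image lives under a Temp directory is
        # unusual and worth verifying against the vendor, whatever its name says.
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            findings.append(Finding(name, f"{start} image under a temp directory: {path}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.where}\n    {f.detail}")
```

Running it against the full log would be a matter of pasting the whole "Reg Loading Points" section (up to the "Other Services/Drivers In Memory" line) into SAMPLE_LOG.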

Old 17.10.2015, 15:44   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, choose Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.