| |
| |||||||
Log-Analyse und Auswertung: Win7x64, "Kopieren" von Daten im HintergrundWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.07.2016, 21:00
| #1 |
| |  Win7x64, "Kopieren" von Daten im Hintergrund Hallo In den letzten Tagen war das Internet manchmal etwas langsamer, was alleine noch kein Grund wäre hier ein Thema zu eröffnen, vorallem da ich des öfteren mehrere Browserfenster mit vielen offen Tabs am laufen habe. Allerdings, wärend ich heute ein Stream angesehen habe sah ich für kurze Zeit, leider zu kurz um zu sehen welche Datei es war, ein Fenster wie beim Kopieren von Daten. Auch wenn ich nicht wirklich extrem Heikle Daten auf meinem PC habe, so möcht ich mir bei sowas doch lieber sicher sein ob niemand meine Schritte am PC verfolgt. Im Explorer nachgeschaut welches die letzten veränderten Daten sind (direkt nach dem geschehen) fielen mir Insbesondere diese Einträge ins Auge: LWSDebugOut - C/Users/Akira/AppData/Local/Temp cFosSpeed - C/ProgramData/cFos !! trace C/ProgramData/cFos/cFosSpeed cliqz.dbhumanweb - C/Users/Akira/AppData/Roaming/Mozilla/Firefox/Profiles xm3lk03h.default - "" cFos steht doch im zusammenhang mit Outlook Sync. Caleneder, ich Arbeite weder mit Outlook noch dem Calender und schon garnicht mit Auto Sync. Desshalb vermute ich mal das da was nicht Stimmt. Hoffe Ihr könnt mir weiterhelfen, insbesondere mit der Frage Neuaufsetzen, oder reicht es mit ein paar Tools mal wieder aufzuräumen, respektive besteht überhaupt ein Problem. Hier noch die Logfiles : FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016 Ran by Akira (administrator) on AAX-ALPHABUILD (26-07-2016 21:35:28) Running from F:\Downloads Loaded Profiles: Akira (Available Profiles: Akira) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\SysWOW64\ASGT.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (cFos Software GmbH) C:\Program Files\ASUS\ROG GameFirst II\spd.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) F:\RealPlayerCloud\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Akamai Technologies, Inc.) C:\Users\Akira\AppData\Local\Akamai\netsession_win.exe (Epic Privacy Browser) C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe (© 2015 Microsoft Corporation) C:\Users\Akira\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Akamai Technologies, Inc.) C:\Users\Akira\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (Logitech) C:\Program Files (x86)\Logitech\H800\H800.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTStackServer.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (RealNetworks, Inc.) F:\RealPlayerCloud\Update\realsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [ROG GameFirst II] => C:\Program Files\ASUS\ROG GameFirst II\cFosSpeed.exe [3064232 2012-08-09] (cFos Software GmbH) HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2014-07-12] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSPanel.exe [5099840 2013-06-26] (ASUS Cloud Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-06-16] (Razer Inc.) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [Logitech H800] => C:\Program Files (x86)\Logitech\H800\H800.exe [273432 2011-07-29] (Logitech) HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE [10677320 2012-11-08] (D-Link Corporation) HKLM-x32\...\Run: [TkBellExe] => F:\RealPlayerCloud\update\realsched.exe [296520 2014-07-15] (RealNetworks, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831064 2016-07-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [CatalinaGroup Update] => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130928 2015-10-12] (Catalina Group Ltd.) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Akira\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2015-06-13] (Epic Privacy Browser) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [BingSvc] => C:\Users\Akira\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-06] (© 2015 Microsoft Corporation) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7010112 2015-10-15] () HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {613730fd-0953-11e4-9920-806e6f6e6963} - D:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {75908449-095c-11e4-83a1-806e6f6e6963} - "D:\Diablo III Setup.exe" HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {90aaeb40-0c8d-11e4-942c-806e6f6e6963} - E:\wubi.exe HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {c770af2c-0c3c-11e6-bf15-5cf370661ba4} - E:\autorun.bat IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\Notepad Replacer\NotepadReplacer.exe Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-03] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-18] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-07-18] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-18] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{A0023ECA-D9A4-41A3-A1EF-06A6220EE7D4}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B6E11C16-1585-4F8A-AE4E-C58AEFAD19FA}: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{EF18A811-C824-4CD0-9BC8-9E481C2BEBE0}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-ch/?pc=UE07&ocid=UE07DHP SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Sense -> {11111111-1111-1111-1111-110611901159} -> No File BHO: Ge-Force -> {11111111-1111-1111-1111-110611971195} -> No File BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-06-10] (RealDownloader) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-06-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation) BHO-x32: No Name -> {11111111-1111-1111-1111-110611901159} -> No File BHO-x32: No Name -> {11111111-1111-1111-1111-110611971195} -> No File BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-10] (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-06-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://google.com/ FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-16] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.11.7 -> F:\RealPlayerCloud\Netscape6\nppl3260.dll [2014-07-15] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.7 -> F:\RealPlayerCloud\Netscape6\nprpplugin.dll [2014-07-15] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\Akira\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-12] (Catalina Group Ltd.) FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\Akira\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-12] (Catalina Group Ltd.) FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-06-13] (Epic Privacy Browser) FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-06-13] (Epic Privacy Browser) FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: www.mydlink.com/Uplayer -> C:\Users\Akira\AppData\Roaming\dlink\Uplayer\1.0.0.31\npUplayer.dll [2015-06-29] (D-LINK CORPORATION) FF user.js: detected! => C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\user.js [2015-01-29] FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\google-images.xml [2014-10-27] FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\google-maps.xml [2014-10-27] FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\metager.xml [2014-07-18] FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\youtube.xml [2015-12-11] FF Extension: Fasterfox - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2016-04-27] FF Extension: Bing Search - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\Extensions\bingsearch.full@microsoft.com [2015-10-28] [not signed] FF Extension: Cliqz - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\Extensions\cliqz@cliqz.com.xpi [2016-06-28] FF Extension: Adblock Plus - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-15] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\extensions\cliqz@cliqz.com => not found Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1421364679&from=cor&uid=TOSHIBAXTHNSNH256GBST_53PS105UTE8Y105UTE8Y" CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll => No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll => No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll => No File CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll => No File CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll => No File CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File CHR Profile: C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11] CHR Extension: (Google Search) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11] CHR Extension: (RealPlayer Downloader) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-01-29] CHR Extension: (Skype) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-22] CHR Extension: (Chrome Web Store Payments) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23] CHR Extension: (Gmail) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-09] CHR HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] Opera: ======= OPR Extension: (Ge-ForcePlus v2) - C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhjehbmopbfbomhchfkhbghcehpeiijl [2015-10-14] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-07-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-07-26] (Avira Operations GmbH & Co. KG) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] () R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed] R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG) R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 cFosSpeedS; C:\Program Files\ASUS\ROG GameFirst II\spd.exe [860072 2012-08-09] (cFos Software GmbH) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1309936 2016-07-17] (Overwolf LTD) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] () R2 RealPlayer Cloud Service; F:\RealPlayerCloud\RPDS\Bin\rpdsvc.exe [1141848 2014-07-15] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-26] () [File not signed] R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2014-07-12] (ASUSTek Computer Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] () R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-27] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-18] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-18] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-18] (Duplex Secure Ltd.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed] S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-26 21:34 - 2016-07-26 21:35 - 00000000 ____D C:\FRST 2016-07-26 21:34 - 2016-07-26 21:34 - 00002148 _____ C:\Users\Akira\Desktop\HijackThis - CHIP Installer.lnk 2016-07-25 19:22 - 2016-07-25 19:22 - 00001143 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-07-25 07:29 - 2016-07-26 17:38 - 00000000 ____D C:\Users\Akira\AppData\Roaming\vlc 2016-07-25 07:29 - 2016-07-25 07:29 - 00001079 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-07-25 07:29 - 2016-07-25 07:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-07-25 07:29 - 2016-07-25 07:29 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2016-07-25 03:33 - 2016-07-25 03:33 - 00001614 _____ C:\Users\Akira\Desktop\I Don't Want to Be Songtext.txt 2016-07-18 20:23 - 2016-07-18 20:23 - 00001020 _____ C:\Users\Public\Desktop\UltraISO.lnk 2016-07-18 20:23 - 2016-07-18 20:23 - 00000000 ____D C:\Users\Akira\Documents\My ISO Files 2016-07-18 20:23 - 2016-07-18 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2016-07-18 20:23 - 2016-07-18 20:23 - 00000000 ____D C:\Program Files (x86)\UltraISO 2016-07-18 20:20 - 2016-07-18 20:22 - 00000000 ____D C:\Users\Akira\AppData\Local\WinZip 2016-07-18 20:20 - 2016-07-18 20:21 - 00000000 ____D C:\ProgramData\WinZip 2016-07-18 20:20 - 2016-07-18 20:20 - 00002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk 2016-07-18 20:20 - 2016-07-18 20:20 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk 2016-07-18 20:20 - 2016-07-18 20:20 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk 2016-07-18 20:20 - 2016-07-18 20:20 - 00000000 ____D C:\Users\Akira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5 2016-07-18 20:20 - 2016-07-18 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 20.5 2016-07-18 20:20 - 2016-07-18 20:20 - 00000000 ____D C:\Program Files\WinZip 2016-07-18 20:19 - 2016-07-18 20:19 - 00000000 ____D C:\Users\Akira\Documents\Add-in Express 2016-07-18 20:19 - 2016-07-18 20:19 - 00000000 ____D C:\ProgramData\UniqueId 2016-07-15 14:43 - 2016-07-18 20:55 - 00000400 __RSH C:\ProgramData\ntuser.pol 2016-07-13 08:16 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-07-13 08:16 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-07-13 08:16 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2016-07-13 08:16 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2016-07-13 08:16 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2016-07-13 08:16 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-07-13 08:16 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2016-07-13 08:16 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2016-07-13 08:16 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2016-07-13 08:16 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2016-07-13 08:16 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-07-13 08:16 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-07-13 08:16 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-07-13 08:16 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-07-13 08:16 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-07-13 08:16 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-07-13 08:16 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-07-13 08:16 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-07-13 08:16 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-07-13 08:16 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-07-13 08:16 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-07-13 08:16 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-07-13 08:16 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-07-13 08:16 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-07-13 08:16 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-07-13 08:16 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-07-13 08:16 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-07-13 08:16 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-07-13 08:16 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-07-13 08:16 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-07-13 08:16 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-07-13 08:16 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-07-13 08:16 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-07-13 08:16 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-07-13 08:16 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-07-13 08:16 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-07-13 08:16 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-07-13 08:16 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-07-13 08:16 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-07-13 08:16 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-07-13 08:16 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-07-13 08:16 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-07-13 08:16 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-07-13 08:16 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-07-13 08:16 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-07-13 08:16 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-07-13 08:16 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-07-13 08:16 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-07-13 08:16 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-07-13 08:16 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-07-13 08:16 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-07-13 08:16 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-07-13 08:16 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-07-13 08:16 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-07-13 08:16 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-07-13 08:16 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-07-13 08:16 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-07-13 08:16 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-07-13 08:16 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-07-13 08:16 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-07-13 08:16 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-07-13 08:16 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-07-13 08:16 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-07-13 08:16 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-07-13 08:16 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-07-13 08:16 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-07-13 08:16 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-07-13 08:16 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-07-13 08:16 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-07-13 08:16 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-07-13 08:16 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-07-13 08:16 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-07-13 08:16 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-07-13 08:16 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-07-13 08:16 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-07-13 08:16 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-07-13 08:16 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-07-12 10:15 - 2016-07-12 10:15 - 00000000 ___HD C:\$Windows.~WS 2016-06-27 10:09 - 2016-07-21 11:12 - 00000002 _____ C:\END ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-26 21:21 - 2016-03-04 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-07-26 21:20 - 2016-03-04 18:14 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-07-26 21:20 - 2016-03-04 18:14 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-07-26 21:14 - 2015-01-15 22:14 - 00001330 _____ C:\Windows\Tasks\GE.job 2016-07-26 21:13 - 2015-01-15 22:13 - 00001338 _____ C:\Windows\Tasks\GSJSNB.job 2016-07-26 20:58 - 2015-06-13 23:26 - 00002383 _____ C:\Users\Akira\Desktop\Epic Privacy Browser.lnk 2016-07-26 20:58 - 2015-06-13 23:24 - 00000000 ____D C:\Users\Akira\AppData\Local\Epic Privacy Browser 2016-07-26 20:51 - 2014-07-16 04:18 - 00001150 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000UA.job 2016-07-26 20:50 - 2015-01-15 21:50 - 00001336 _____ C:\Windows\Tasks\EZGLS.job 2016-07-26 20:49 - 2015-01-15 21:49 - 00001338 _____ C:\Windows\Tasks\YVUEUT.job 2016-07-26 20:43 - 2016-02-12 02:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-26 20:39 - 2014-07-12 02:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-26 15:25 - 2009-07-14 06:45 - 00036192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-26 15:25 - 2009-07-14 06:45 - 00036192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-26 15:20 - 2014-07-16 04:18 - 00001098 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000Core.job 2016-07-26 00:39 - 2014-07-12 02:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-25 19:22 - 2014-07-12 03:27 - 00000000 ____D C:\ProgramData\Package Cache 2016-07-25 02:43 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-25 02:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-07-24 03:39 - 2014-07-16 04:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-07-24 03:38 - 2014-07-16 04:34 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-07-23 05:14 - 2016-04-02 22:09 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 2016-07-23 05:14 - 2016-04-02 22:09 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 2016-07-21 17:11 - 2015-02-14 23:11 - 00000000 ____D C:\Program Files (x86)\Overwolf 2016-07-21 07:21 - 2014-07-15 17:27 - 00003374 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 2016-07-21 07:21 - 2014-07-15 17:27 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 2016-07-17 01:30 - 2015-10-25 20:28 - 00000000 ____D C:\Users\Akira\AppData\Roaming\Skype 2016-07-17 00:56 - 2015-02-14 23:09 - 00000000 ____D C:\Users\Akira\AppData\Roaming\TS3Client 2016-07-15 14:43 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-07-15 14:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-07-15 06:43 - 2016-02-12 02:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-15 06:43 - 2014-07-13 00:08 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-15 06:43 - 2014-07-13 00:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-15 04:34 - 2015-12-07 22:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-07-15 04:34 - 2014-12-23 17:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-14 15:02 - 2014-07-28 21:34 - 00000000 ____D C:\Users\Akira\AppData\Local\CrashDumps 2016-07-14 14:55 - 2014-07-12 03:13 - 00000000 _____ C:\Windows\Path.idx 2016-07-14 14:25 - 2014-09-06 08:28 - 00002555 _____ C:\Windows\MB.idx 2016-07-14 07:46 - 2014-07-12 16:54 - 00000000 ____D C:\Users\Akira\AppData\Local\ElevatedDiagnostics 2016-07-14 07:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-07-14 07:22 - 2014-07-12 03:06 - 01048576 _____ C:\Windows\PE_Rom.dll 2016-07-14 07:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-14 07:21 - 2009-07-14 06:45 - 00381760 _____ C:\Windows\system32\FNTCACHE.DAT 2016-07-14 03:04 - 2014-07-12 16:28 - 00000000 ____D C:\Windows\system32\MRT 2016-07-14 03:01 - 2014-07-12 16:28 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-07-13 03:43 - 2014-07-13 00:08 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-13 03:43 - 2014-07-12 03:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-12 10:15 - 2014-07-12 11:29 - 00000000 ____D C:\Windows\Panther 2016-07-08 05:20 - 2014-07-13 00:01 - 00003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405202463 2016-07-08 05:20 - 2014-07-13 00:01 - 00000000 ____D C:\Program Files (x86)\Opera 2016-07-07 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-07-06 12:35 - 2014-07-17 01:45 - 00000000 ____D C:\Program Files (x86)\Entropia Universe ==================== Files in the root of some directories ======= 2014-09-01 10:18 - 2015-02-12 20:04 - 0000935 _____ () C:\Users\Akira\AppData\Roaming\EZGLS 2014-09-01 10:18 - 2015-02-12 20:04 - 0000935 _____ () C:\Users\Akira\AppData\Roaming\GE 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Akira\AppData\Roaming\GSJSNB 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Akira\AppData\Roaming\YVUEUT 2014-07-18 20:33 - 2014-07-18 20:33 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-07-12 02:39 - 2014-07-12 02:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Akira\AppData\Local\Temp\avgnt.exe C:\Users\Akira\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-17 21:05 ==================== End of FRST.txt ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016 Ran by Akira (2016-07-26 21:35:56) Running from F:\Downloads Windows 7 Professional Service Pack 1 (X64) (2014-07-11 23:54:42) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1038042310-4131372163-2243221697-500 - Administrator - Disabled) Akira (S-1-5-21-1038042310-4131372163-2243221697-1000 - Administrator - Enabled) => C:\Users\Akira Guest (S-1-5-21-1038042310-4131372163-2243221697-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1038042310-4131372163-2243221697-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) 888poker (HKLM-x32\...\888poker) (Version: - ) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.) Akamai NetSession Interface (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{22E2B25B-2FFE-1A69-E591-55DD72BC5F5B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology) Asunsoft Windows 7 Password Geeker Trial (HKLM-x32\...\Asunsoft Windows 7 Password Geeker Trial) (Version: 1.0 - Asunsoft) ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS) ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.2.3 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.5.2.3 - ASUSTek COMPUTER INC.) Hidden ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.0.7.8 - ASUS) ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.) ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.15 - ASUSTeK Computer Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) Citrio (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Citrio) (Version: 50.0.2661.271 - © Catalinagroup Ltd.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd) DarkStar One (HKLM-x32\...\Steam App 12330) (Version: - Ascaron Entertainment ltd.) Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal) Device Pack (HKLM-x32\...\{D54D4A22-4382-4485-92DF-00C39F123E87}) (Version: 1.4.6 - D-Link) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) D-Link D-ViewCam (HKLM-x32\...\{440E9F90-0619-4E84-8226-65AD5073AD24}) (Version: 3.4.0 - D-Link) Echo of Soul (HKLM-x32\...\Echo of Soul) (Version: - ) Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 14.7.4.124266 - MindArk PE AB) Epic Privacy Browser (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Epic) (Version: 48.0.2553.0 - Epic) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel) IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation) LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Logitech H800 (HKLM\...\{7DE24FDD-A655-4AB7-A877-7236B91A9675}) (Version: 1.0.034 - Logitech) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4841.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.) Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.96.218.0 - Overwolf Ltd.) PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd) PKRCasino (HKLM-x32\...\PKRCasino) (Version: - ) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) Q-Dir (HKLM\...\Q-Dir) (Version: - ) RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.) Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.616 - Razer Inc.) RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.11 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Remember Me (HKLM-x32\...\Steam App 228300) (Version: - DONTNOD Entertainment) ROG GameFirst II v8.03 (HKLM\...\ROG GameFirst II) (Version: 8.03 - cFos Software GmbH, Bonn) Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden Shadowrun Chronicles (HKLM-x32\...\Steam App 267750) (Version: - Cliffhanger Productions) Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Star Citizen Launcher (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - ) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden Uplayer (HKLM-x32\...\{28B6BA37-247E-4F7C-8D60-3EC1C9A2EB2F}) (Version: 1.0.0.31 - D-LINK CORPORATION) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Waterfox 40.1.0 (x64 en-US) (HKLM\...\Waterfox 40.1.0 (x64 en-US)) (Version: 40.1.0 - Mozilla) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.1.213 - ASUS Cloud Corporation) WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1064D6A5-F643-4FA8-8ACD-288C7F4C5035} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [2013-12-27] (ASUS) Task: {2985EE4F-2F7E-46B5-A206-9F92E15F270E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation) Task: {299E00F5-3949-49C5-B229-F9CCD97DDA22} - \ShopperPro -> No File <==== ATTENTION Task: {3419AFD9-6D8C-4CA0-8B8F-1A1116229CBD} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] () Task: {39E999DE-74B4-4E05-AC8C-8169D9E89CBA} - System32\Tasks\YVUEUT => C:\Users\Akira\AppData\Roaming\YVUEUT.exe <==== ATTENTION Task: {458BCA13-31C9-45B9-970D-F0C03127057C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.) Task: {48C7FBE1-8906-47A3-959C-6765EDAE36CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {4A0B4C5A-8E70-43E6-8041-077AA35EA05E} - System32\Tasks\GSJSNB => C:\Users\Akira\AppData\Roaming\GSJSNB.exe <==== ATTENTION Task: {5A06EF9E-CB4D-48F5-AB0A-555244139A64} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.) Task: {602D5807-166E-49A3-8AB2-3582723A4236} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {61900190-5873-4D16-AA13-DC315115AA0D} - System32\Tasks\HP AR Program Upload - 792d4af74a134831ad2842fec9573f529c4b668d2df245a5b9517aed48fb6a85 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>) Task: {674862EA-9D88-4FE9-94B1-E27DCF028303} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.) Task: {69432C5C-70BD-4B2A-A8CF-88270EFCC2AF} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.) Task: {740A4327-8574-4CA5-92D4-9040398FC62A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.) Task: {8749D0D2-D22B-4861-A2F6-A715B85F7C96} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.) Task: {9370D8BC-623A-4505-8159-4208E3B4F4D7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-07-17] (Overwolf LTD) Task: {9907E2F3-2AAC-4116-BC2E-C82C7E713981} - System32\Tasks\EZGLS => C:\Users\Akira\AppData\Roaming\EZGLS.exe <==== ATTENTION Task: {A004F66B-8549-4BC2-A6C2-5764E22B3EE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F} - \SPDriver -> No File <==== ATTENTION Task: {A97F1278-7A8E-4556-9383-BD038D2B06E6} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2010-11-23] () Task: {A9E8C312-E563-48CA-A6B6-68088D1959A7} - System32\Tasks\Opera scheduled Autoupdate 1405202463 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software) Task: {B281E651-2EED-4557-8137-1A606680BAFB} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000UA => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-12] (Catalina Group Ltd.) Task: {B3DBB750-4BD9-437E-B720-E9166FDDE667} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000Core => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-12] (Catalina Group Ltd.) Task: {C1244CF1-EB51-478A-8A88-86794BBFFD7E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.) Task: {CA36BB4F-7284-48BD-8B7A-A43E4B92B5B1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation) Task: {CFCFEE71-18F1-447E-87E5-333B79B6F750} - System32\Tasks\GE => C:\Users\Akira\AppData\Roaming\GE.exe <==== ATTENTION Task: {D45DFA90-E854-4183-801C-B2BEE307173F} - System32\Tasks\Abelssoft\UpdateYeti scan => C:\Program Files (x86)\UpdateYeti\UpdateYeti.exe Task: {DEE4A852-16C0-454B-A5C6-DFCFE5EFFC17} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.) Task: {F155D5FB-76B2-4722-BA29-137714780E20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {F3396505-F845-44DB-A9D8-4D8341EB93F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated) Task: {FC27701E-0BBB-4857-82ED-895263677BA8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000Core.job => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000UA.job => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe Task: C:\Windows\Tasks\EZGLS.job => C:\Users\Akira\AppData\Roaming\EZGLS.exe <==== ATTENTION Task: C:\Windows\Tasks\GE.job => C:\Users\Akira\AppData\Roaming\GE.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GSJSNB.job => C:\Users\Akira\AppData\Roaming\GSJSNB.exe <==== ATTENTION Task: C:\Windows\Tasks\YVUEUT.job => C:\Users\Akira\AppData\Roaming\YVUEUT.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2015-11-05 02:11 - 2015-11-05 02:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-06-26 00:43 - 2014-06-26 00:43 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-09-17 12:58 - 2013-09-17 12:58 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2014-07-12 03:06 - 2010-11-23 15:43 - 00105088 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe 2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll 2014-07-16 04:34 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-07-15 17:25 - 2014-07-15 17:25 - 00861784 _____ () F:\RealPlayerCloud\RPDS\Plugins\cldplin.dll 2014-07-12 03:02 - 2016-07-14 07:21 - 00039424 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2014-07-12 03:02 - 2010-06-29 04:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2014-07-12 03:06 - 2010-06-24 21:50 - 00094208 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\IccLibDll.dll 2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2014-07-12 03:04 - 2013-08-19 11:23 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll 2014-07-12 03:04 - 2013-08-19 17:21 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll 2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll 2014-01-07 01:42 - 2014-01-07 01:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-01-16 01:55 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Akira\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2014 Zahlungserinnerung.lnk => C:\Windows\pss\Quicken 2014 Zahlungserinnerung.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup MSCONFIG\startupreg: GPU TweakIt Server Execute => "C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TkBellExe => "F:\RealPlayerCloud\Update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [{04C72F3B-663F-4924-BB67-4F2460F1921F}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{D8F98428-B235-496C-8D8D-FA047F24E117}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{870CF286-1E63-49C5-A693-7BF9099E8A4A}] => (Allow) F:\RealPlayerCloud\RPDS\Bin\rpdsvc.exe FirewallRules: [{18FBCCF8-70B2-465C-BE38-8C2ACF6387CA}] => (Allow) C:\Users\Akira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F6D34B91-D09D-4BB9-87AC-B253AE5EF88F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{4DEA37DB-D0FA-444B-909C-3D9A41B38C1B}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [TCP Query User{15B57389-FFAE-4CB7-B4E0-4081F5E27608}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [UDP Query User{D3FD7B0A-9E58-49B0-926F-2C3C1B68DF87}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [TCP Query User{FD731441-6D4D-4394-9825-C8F4817E2576}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [UDP Query User{0AD2F69A-0A68-4DA4-A709-89DF8616A347}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [{FFE24E11-BFCD-457A-B09C-86564AE1977B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BD4C3CF8-35F7-4AEA-BE7A-75BC04583D5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{5FA21582-A089-456C-B962-90E58BD56827}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{4277A02F-B2E4-4B9D-9162-7A91D324A5E3}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [TCP Query User{CCFAAA17-0B67-4D8C-BAAB-E042AA29A0A0}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Allow) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe FirewallRules: [UDP Query User{0390DD54-B969-4646-8D16-09ADA16B5155}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Allow) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe FirewallRules: [{B1B52682-335F-41E8-85FE-C6262F802010}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F01DF473-8AE7-4423-AD0F-0F0F9AD08B61}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{877FCD4B-180B-4A6E-A895-ED6702358DDE}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe FirewallRules: [UDP Query User{383C6F7D-4759-436C-B770-632B717B44C6}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe FirewallRules: [TCP Query User{4947F208-77F1-417C-9C0B-CF91071E37BC}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe FirewallRules: [UDP Query User{2882E94C-DA7C-40C2-A103-0C91CC622F17}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe FirewallRules: [TCP Query User{EE0FE323-10D3-4210-B6C1-D3F9007CBFD3}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe FirewallRules: [UDP Query User{EFC33A56-AF4B-4BE3-8A59-7F3320940DB6}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe FirewallRules: [TCP Query User{B997108D-FBCA-407D-902D-9BC924359466}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe FirewallRules: [UDP Query User{4F8A29F7-CD4B-40FE-82EE-D03FE1A794BA}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe FirewallRules: [{E21F74D9-7D0E-4916-AB2C-6F41F1C241E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe FirewallRules: [{79AD9D66-4DAF-4686-ADB1-3F7F9BE3EDE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe FirewallRules: [{A8E6DE49-815C-4EF1-A074-10118C88E53C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe FirewallRules: [{9B446390-B42B-4471-89EE-B4D40F981300}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe FirewallRules: [TCP Query User{C59C1066-39B7-41AF-869C-FFBF806E2F52}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Block) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe FirewallRules: [UDP Query User{820BFABB-7197-492A-8C74-BFB8294A440C}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Block) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe FirewallRules: [{72EEE488-8149-490E-9064-F6328460F5DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D068EBC8-E135-4D8A-8832-186ECA1C1DD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{456B7D12-9231-4F7E-A04D-8E7CF489AE17}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe FirewallRules: [UDP Query User{EEA6F12C-E4A5-49DF-A7A3-033BEDB827E1}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe FirewallRules: [{6206AE8B-7F7E-4096-BCC0-7F0C61058E35}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe FirewallRules: [{9AB01371-7F41-4DF1-B664-94C956F53A2F}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe FirewallRules: [{951C20C3-02A4-4DF9-8148-8FC95AFD8E7D}] => (Allow) C:\Program Files\Waterfox\waterfox.exe FirewallRules: [{DDC8BA3B-ED1B-4F5F-BA30-C16063BD3CCD}] => (Allow) C:\Program Files\Waterfox\waterfox.exe FirewallRules: [TCP Query User{0E94B15B-80D6-487F-9C94-04730B846172}C:\program files\waterfox\waterfox.exe] => (Allow) C:\program files\waterfox\waterfox.exe FirewallRules: [UDP Query User{A2AED16D-D9DB-40FC-9760-918E5913ADE8}C:\program files\waterfox\waterfox.exe] => (Allow) C:\program files\waterfox\waterfox.exe FirewallRules: [{4A82502A-A0E9-40B8-B20A-7036492270E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowrunOnline\Shadowrun.exe FirewallRules: [{51ECCD1E-D775-4C43-B300-81A0CB453889}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowrunOnline\Shadowrun.exe FirewallRules: [{AC02D8BD-AFC0-4289-B164-9E5F091C1DB4}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe FirewallRules: [{83A6E06F-31E0-4772-8173-756187431910}] => (Allow) LPort=5357 FirewallRules: [{342200F4-CD16-403A-AB3D-33F3D8DF1A4D}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{6350D1FE-4C57-43AD-BD9D-4137B8A6A795}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStar One\DarkStarOne.exe FirewallRules: [{30FB72D1-A471-4D8F-83E5-ED83C6FC5DF5}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStar One\DarkStarOne.exe FirewallRules: [{4E8CE80E-C5CC-4E9E-BA84-3AE376EB952C}] => (Allow) F:\SteamLibrary\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe FirewallRules: [{649C3D9C-ED17-4023-955B-42CC72C8BE55}] => (Allow) F:\SteamLibrary\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe FirewallRules: [TCP Query User{DFD8F9A5-4A62-492D-8D40-D22C706AF3F8}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\akira\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{D9579FD8-7B8D-4533-9205-4901FB2A0F27}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\akira\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{B468F7F1-013C-4FF0-B921-F92C0969505F}D:\advanced\autorun.exe] => (Allow) D:\advanced\autorun.exe FirewallRules: [UDP Query User{80367BF1-D796-459F-BA6E-318F95E25432}D:\advanced\autorun.exe] => (Allow) D:\advanced\autorun.exe FirewallRules: [{974A3B56-D574-4DEB-8C03-ECA4B9F1C1E5}] => (Block) D:\advanced\autorun.exe FirewallRules: [{FCB1DA5E-0034-467D-A786-981EA5B98057}] => (Block) D:\advanced\autorun.exe FirewallRules: [{EF8398A8-851F-44C7-BE1A-22C46E3D201D}] => (Allow) C:\Users\Akira\Downloads\wizard\autorun.exe FirewallRules: [TCP Query User{59C07255-096C-4B9F-AA57-90100F250A5C}C:\users\akira\appdata\local\raidar\raidar.exe] => (Allow) C:\users\akira\appdata\local\raidar\raidar.exe FirewallRules: [UDP Query User{1350723C-7F4A-42FB-B0B5-B81F27002C19}C:\users\akira\appdata\local\raidar\raidar.exe] => (Allow) C:\users\akira\appdata\local\raidar\raidar.exe FirewallRules: [{0849D83E-4197-4542-A9D8-29E9ED8E8E41}] => (Block) C:\users\akira\appdata\local\raidar\raidar.exe FirewallRules: [{EB6D7EB0-1CC2-45C2-88B2-59C99B9651FE}] => (Block) C:\users\akira\appdata\local\raidar\raidar.exe FirewallRules: [TCP Query User{CD1110C8-49C5-4695-865F-CE3EB1B00091}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{9A7D3A77-F041-43DB-91DB-C10619CB0B55}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{CBA025B0-0A38-4458-B66D-EA2E8957DC90}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{BC6D5776-76AB-4DA0-86AB-D012B4715C13}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{AC429784-C7EA-4243-9E95-4AE5014BE0B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{06285AC4-01AB-4495-9FFE-457C939EF5DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D512A92A-346B-4FF2-B2A8-4665B8F56443}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{900C0D44-F73F-4B6E-B437-9FE13C6C1BD1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{9FA01337-D853-4B9B-AC0F-3708F4231351}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\akira\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{C46874B4-B64C-4FDA-8004-B870EC2932F5}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\akira\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{CB2891AA-DE07-4831-9F53-8D4225904E32}G:\games\diablo iii\diablo iii.exe] => (Allow) G:\games\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{4D47B910-6082-4E14-9C3F-DB108669CB71}G:\games\diablo iii\diablo iii.exe] => (Allow) G:\games\diablo iii\diablo iii.exe FirewallRules: [{81562F08-26F9-47FB-B6A1-B89EF8F9D2A4}] => (Block) G:\games\diablo iii\diablo iii.exe FirewallRules: [{29F2F45D-9698-4094-83BB-ABC9D8B7FB11}] => (Block) G:\games\diablo iii\diablo iii.exe FirewallRules: [{435461FD-A171-4D7A-87DC-8E2BA7CFAC8A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{79DC9BEF-9648-4CB8-A916-CFC90A8A7592}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{34CEE231-BA4C-4275-8633-D133C032EEE3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{3A340C7E-086A-4252-88F7-C816173F7C25}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe FirewallRules: [UDP Query User{AAC80550-FEF9-4F28-BFD6-5C54C5134EE7}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe FirewallRules: [TCP Query User{C4CA8DB0-EEA6-4938-A3AF-A70D0EFE2D85}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe FirewallRules: [UDP Query User{CE8649FE-B8CA-4ED9-9FD0-769969DA69B1}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe FirewallRules: [{CF8DDA7D-CE4B-4D50-87D0-958912C07B60}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe FirewallRules: [{AC74F26A-9CE6-44BF-A950-358C3F940846}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe FirewallRules: [{A4FBF845-BDBF-451D-BCDE-C2E5F052E0A4}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe FirewallRules: [{44B44DD6-72C1-454D-BC2D-98F044D41A67}] => (Block) F:\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe FirewallRules: [{956A7DC9-D387-480F-9A87-AC0C8DE260BD}] => (Block) F:\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe FirewallRules: [{84BEB567-7548-4FB9-BDC6-13A353DDB6C3}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{CFE55B37-FE46-430E-93D0-9B5E6409060C}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{AB93331E-F641-4E85-821D-5195402D4657}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{71306989-AC6F-4EDF-8FEB-3DA02698F7B9}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{A56A4E8C-3635-4A44-BA18-C5587E75C857}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{FB848D70-7915-4DA3-AE69-50E58B82C3B1}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{676C92F9-1ED3-4A9C-A6C4-FD6570831DBF}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{C17BE593-A88E-44ED-A537-D1A1BAB961D6}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{A3A97627-C768-40C7-9880-3F96353EE5C3}] => (Allow) C:\Users\Akira\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe FirewallRules: [{3876BA9B-34BD-429E-9D40-AF5798107910}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{80DC3534-0A58-4E82-AC11-6962CA807645}] => (Allow) LPort=63809 FirewallRules: [{B46F790D-9E07-4A4D-9260-27BA410BC6EB}] => (Allow) LPort=5000 FirewallRules: [{05A7CFAF-9CF6-4556-971A-7C4AAD61C512}] => (Allow) C:\Users\Akira\AppData\Local\Epic Privacy Browser\Application\epic.exe ==================== Restore Points ========================= 18-07-2016 20:18:42 Removed WinZip 17.5 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/26/2016 03:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 41157089 Error: (07/26/2016 03:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 41157089 Error: (07/26/2016 03:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/26/2016 03:54:40 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11060 Error: (07/26/2016 03:54:40 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11060 Error: (07/26/2016 03:54:40 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/26/2016 03:54:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10046 Error: (07/26/2016 03:54:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10046 Error: (07/26/2016 03:54:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/26/2016 03:54:38 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9048 System errors: ============= Error: (07/24/2016 11:34:39 PM) (Source: BTHUSB) (EventID: 5) (User: ) Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it. Error: (07/23/2016 12:57:47 AM) (Source: BTHUSB) (EventID: 5) (User: ) Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it. Error: (07/17/2016 07:21:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/17/2016 07:21:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BCM42RLY service failed to start due to the following error: %%2 = The system cannot find the file specified. CodeIntegrity: =================================== Date: 2016-07-26 21:34:47.268 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-26 18:57:40.228 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-25 09:24:11.338 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-25 07:53:49.374 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-25 03:44:26.630 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-24 16:34:45.333 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-24 00:10:06.239 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-21 03:00:55.345 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-19 12:21:21.098 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-23 11:09:42.864 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX(tm)-8350 Eight-Core Processor Percentage of memory in use: 14% Total physical RAM: 32664.89 MB Available physical RAM: 27976.79 MB Total Virtual: 65327.96 MB Available Virtual: 59385.99 MB ==================== Drives ================================ Drive c: (Win7Pro64) (Fixed) (Total:238.37 GB) (Free:13.92 GB) NTFS Drive f: (DataStore) (Fixed) (Total:2048.1 GB) (Free:1666.61 GB) NTFS Drive g: (FastStore) (Fixed) (Total:500.1 GB) (Free:482.16 GB) NTFS Drive h: (NetStore) (Fixed) (Total:496.1 GB) (Free:495.99 GB) NTFS Drive i: (BackUp) (Fixed) (Total:2544.1 GB) (Free:2526.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: B9823E91) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Was ich noch Anhängen möchte, ich habe ein Chip für das MB zur Hardware-Verschlüsselung. Liegt bereit aber noch nicht eingebaut, vieleicht ist dazu ja so oder so eine Neuinstallation im voraus zu Empfehlen? Danke im voraus für eure Hilfe |
|
27.07.2016, 00:05
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win7x64, "Kopieren" von Daten im Hintergrund Hi
__________________Warum postest du hier im Malwarebereich? Irgendwelche Virenfunde bisher? Zitat:
 Darf man mal fragen ob das wirklich alles rein privater Natur ist?
__________________ |
|
27.07.2016, 00:41
| #3 |
| | Win7x64, "Kopieren" von Daten im Hintergrund Stimmt hat Sie. Ich bin auch ein begeisterter Spieler, sollte and der Programmliste leicht zu erkennen sein, ich denke kaum das irgendein "Geschäft" von so einer Spiele Liste begeistert wäre. Im übrigen, meine Kiste Leuchtet in Bunten Farben steckt in einem ThermalTake Modding Case, was eine meiner grösten Leidenschaften ist. Ich hab mir für diese meine Traumkiste den A.. aufgerissen denn du hast recht es steckt einiges an Kohle drin. Viel wichtiger Jedoch es steckt sehr viel Arbeit und Herzblut drin und ich will nicht das das ganze wegen irgendeiner Unerwünster Software Schaden nimmt.
__________________Im Übrigen schreib ich hier weil der Verdacht bei dem was passiert ist mehr als nahe liegt, es im Protokol auch einige ALLERTS hat und das ganze hier eine Logfile Analyse und Auswertung ist. Also Danke für deine Begeisterung zu meiner Hardware, bin ich auch und genau darum versuche ich es zu schützen! Malewarebytes Logfile: Version: 2.2.1.1043 Malware Database: v2016.07.26.09 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Akira Scan Type: Threat Scan Result: Completed Objects Scanned: 308724 Time Elapsed: 5 min, 59 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 9 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, , [a3fe9d8ba9f137ff781a9303bd457a86], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, , [a3fe9d8ba9f137ff781a9303bd457a86], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, , [a3fe9d8ba9f137ff781a9303bd457a86], PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{299E00F5-3949-49C5-B229-F9CCD97DDA22}, , [20818f99cecc1a1c2ce6b21d30d2649c], PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F}, , [7130de4ab8e253e39199e30d0003857b], PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, , [efb252d685151f170f74945c70933bc5], Registry Values: 2 PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{299E00F5-3949-49C5-B229-F9CCD97DDA22}|Path, \ShopperPro, , [20818f99cecc1a1c2ce6b21d30d2649c] PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F}|Path, \SPDriver, , [7130de4ab8e253e39199e30d0003857b] Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhjehbmopbfbomhchfkhbghcehpeiijl, , [4061e147366474c281c716af59a9c63a], PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl, , [fca5d652eeac1323f257cef7c73ba35d], Files: 6 PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_nhjehbmopbfbomhchfkhbghcehpeiijl_0.localstorage, , [2180e543148672c44a11765ec83a30d0], PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\000003.log, , [fca5d652eeac1323f257cef7c73ba35d], PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\CURRENT, , [fca5d652eeac1323f257cef7c73ba35d], PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\LOCK, , [fca5d652eeac1323f257cef7c73ba35d], PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\LOG, , [fca5d652eeac1323f257cef7c73ba35d], PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\MANIFEST-000001, , [fca5d652eeac1323f257cef7c73ba35d], Physical Sectors: 0 (No malicious items detected) Dennoch auch dieses Programm ist nicht fehlerfrei und wird etwas neues erst dann finden wenns bekannt ist, und dann ist es vieleicht zu spät. Zugegeben vieleicht bin ich auch einfach etwas übervorsichtig, falls dem so ist, SORRY! Geändert von AkiraAMDx64 (27.07.2016 um 00:59 Uhr) |
|
27.07.2016, 10:38
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7x64, "Kopieren" von Daten im Hintergrund Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Win7x64, "Kopieren" von Daten im Hintergrund |
| akamai, antivirus, avira, bonjour, cfosspeed, computer, failed, flash player, frage, hijack, hijackthis, homepage, hängen, installation, internet, kaspersky, netgear, realtek, registry, security, server, software, svchost.exe, system, trace, usb, win7pro, windows |
Linear-Darstellung
