
Log Analysis and Evaluation: Win7x64, "Copying" of data in the background


26.07.2016, 21:00   #1
AkiraAMDx64
 
Hello

In the last few days the internet has sometimes been a bit slower, which alone wouldn't be a reason to open a thread here, especially since I often have several browser windows with many open tabs running.
However, while I was watching a stream today, I briefly saw a window like the one shown when copying data, unfortunately too briefly to see which file it was. Even though I don't really have extremely sensitive data on my PC, with something like this I'd rather be sure that nobody is tracking what I do on my PC.

Looking in Explorer at which files were most recently modified (directly after it happened), these entries in particular caught my eye:

LWSDebugOut - C/Users/Akira/AppData/Local/Temp
cFosSpeed - C/ProgramData/cFos
!! trace C/ProgramData/cFos/cFosSpeed
cliqz.dbhumanweb - C/Users/Akira/AppData/Roaming/Mozilla/Firefox/Profiles
xm3lk03h.default - ""

cFos is connected with Outlook Sync / Calendar, isn't it? I work neither with Outlook nor the calendar, and certainly not with auto sync. That's why I suspect something isn't right there. I hope you can help me, in particular with the question of whether to reinstall, or whether it's enough to clean up with a few tools again, or whether there is a problem at all. Here are the log files:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016
Ran by Akira (administrator) on AAX-ALPHABUILD (26-07-2016 21:35:28)
Running from F:\Downloads
Loaded Profiles: Akira (Available Profiles: Akira)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(cFos Software GmbH) C:\Program Files\ASUS\ROG GameFirst II\spd.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) F:\RealPlayerCloud\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Akamai Technologies, Inc.) C:\Users\Akira\AppData\Local\Akamai\netsession_win.exe
(Epic Privacy Browser) C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(© 2015 Microsoft Corporation) C:\Users\Akira\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Akamai Technologies, Inc.) C:\Users\Akira\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Logitech) C:\Program Files (x86)\Logitech\H800\H800.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(RealNetworks, Inc.) F:\RealPlayerCloud\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ROG GameFirst II] => C:\Program Files\ASUS\ROG GameFirst II\cFosSpeed.exe [3064232 2012-08-09] (cFos Software GmbH)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2014-07-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSPanel.exe [5099840 2013-06-26] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-06-16] (Razer Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Logitech H800] => C:\Program Files (x86)\Logitech\H800\H800.exe [273432 2011-07-29] (Logitech)
HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE [10677320 2012-11-08] (D-Link Corporation)
HKLM-x32\...\Run: [TkBellExe] => F:\RealPlayerCloud\update\realsched.exe [296520 2014-07-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831064 2016-07-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [CatalinaGroup Update] => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130928 2015-10-12] (Catalina Group Ltd.)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Akira\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2015-06-13] (Epic Privacy Browser)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [BingSvc] => C:\Users\Akira\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-06] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7010112 2015-10-15] ()
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {613730fd-0953-11e4-9920-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {75908449-095c-11e4-83a1-806e6f6e6963} - "D:\Diablo III Setup.exe"
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {90aaeb40-0c8d-11e4-942c-806e6f6e6963} - E:\wubi.exe
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\MountPoints2: {c770af2c-0c3c-11e6-bf15-5cf370661ba4} - E:\autorun.bat
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\Notepad Replacer\NotepadReplacer.exe
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-07-18]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{A0023ECA-D9A4-41A3-A1EF-06A6220EE7D4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B6E11C16-1585-4F8A-AE4E-C58AEFAD19FA}: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{EF18A811-C824-4CD0-9BC8-9E481C2BEBE0}: [DhcpNameServer] 192.168.192.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-ch/?pc=UE07&ocid=UE07DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Sense -> {11111111-1111-1111-1111-110611901159} -> No File
BHO: Ge-Force -> {11111111-1111-1111-1111-110611971195} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-06-10] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-06-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-10] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-16] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.7 -> F:\RealPlayerCloud\Netscape6\nppl3260.dll [2014-07-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.7 -> F:\RealPlayerCloud\Netscape6\nprpplugin.dll [2014-07-15] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\Akira\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-12] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\Akira\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-12] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-06-13] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Akira\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-06-13] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-1038042310-4131372163-2243221697-1000: www.mydlink.com/Uplayer -> C:\Users\Akira\AppData\Roaming\dlink\Uplayer\1.0.0.31\npUplayer.dll [2015-06-29] (D-LINK CORPORATION)
FF user.js: detected! => C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\user.js [2015-01-29]
FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\google-images.xml [2014-10-27]
FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\google-maps.xml [2014-10-27]
FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\metager.xml [2014-07-18]
FF SearchPlugin: C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\searchplugins\youtube.xml [2015-12-11]
FF Extension: Fasterfox - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2016-04-27]
FF Extension: Bing Search - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\Extensions\bingsearch.full@microsoft.com [2015-10-28] [not signed]
FF Extension: Cliqz - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\Extensions\cliqz@cliqz.com.xpi [2016-06-28]
FF Extension: Adblock Plus - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Akira\AppData\Roaming\Mozilla\Firefox\Profiles\xm3lk03h.default\extensions\cliqz@cliqz.com => not found

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1421364679&from=cor&uid=TOSHIBAXTHNSNH256GBST_53PS105UTE8Y105UTE8Y"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll => No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll => No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File
CHR Profile: C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (RealPlayer Downloader) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-01-29]
CHR Extension: (Skype) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23]
CHR Extension: (Gmail) - C:\Users\Akira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-09]
CHR HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

Opera:
=======
OPR Extension: (Ge-ForcePlus v2) - C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhjehbmopbfbomhchfkhbghcehpeiijl [2015-10-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 cFosSpeedS; C:\Program Files\ASUS\ROG GameFirst II\spd.exe [860072 2012-08-09] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1309936 2016-07-17] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; F:\RealPlayerCloud\RPDS\Bin\rpdsvc.exe [1141848 2014-07-15] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-26] () [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2014-07-12] (ASUSTek Computer Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-27] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-18] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-18] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-26 21:34 - 2016-07-26 21:35 - 00000000 ____D C:\FRST
2016-07-26 21:34 - 2016-07-26 21:34 - 00002148 _____ C:\Users\Akira\Desktop\HijackThis - CHIP Installer.lnk
2016-07-25 19:22 - 2016-07-25 19:22 - 00001143 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-25 07:29 - 2016-07-26 17:38 - 00000000 ____D C:\Users\Akira\AppData\Roaming\vlc
2016-07-25 07:29 - 2016-07-25 07:29 - 00001079 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-25 07:29 - 2016-07-25 07:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-25 07:29 - 2016-07-25 07:29 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-07-25 03:33 - 2016-07-25 03:33 - 00001614 _____ C:\Users\Akira\Desktop\I Don't Want to Be Songtext.txt
2016-07-18 20:23 - 2016-07-18 20:23 - 00001020 _____ C:\Users\Public\Desktop\UltraISO.lnk
2016-07-18 20:23 - 2016-07-18 20:23 - 00000000 ____D C:\Users\Akira\Documents\My ISO Files
2016-07-18 20:23 - 2016-07-18 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2016-07-18 20:23 - 2016-07-18 20:23 - 00000000 ____D C:\Program Files (x86)\UltraISO
2016-07-18 20:20 - 2016-07-18 20:22 - 00000000 ____D C:\Users\Akira\AppData\Local\WinZip
2016-07-18 20:20 - 2016-07-18 20:21 - 00000000 ____D C:\ProgramData\WinZip
2016-07-18 20:20 - 2016-07-18 20:20 - 00002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2016-07-18 20:20 - 2016-07-18 20:20 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-07-18 20:20 - 2016-07-18 20:20 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-07-18 20:20 - 2016-07-18 20:20 - 00000000 ____D C:\Users\Akira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-07-18 20:20 - 2016-07-18 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-07-18 20:20 - 2016-07-18 20:20 - 00000000 ____D C:\Program Files\WinZip
2016-07-18 20:19 - 2016-07-18 20:19 - 00000000 ____D C:\Users\Akira\Documents\Add-in Express
2016-07-18 20:19 - 2016-07-18 20:19 - 00000000 ____D C:\ProgramData\UniqueId
2016-07-15 14:43 - 2016-07-18 20:55 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-07-13 08:16 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 08:16 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 08:16 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 08:16 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 08:16 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 08:16 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 08:16 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 08:16 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 08:16 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 08:16 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 08:16 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 08:16 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 08:16 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 08:16 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 08:16 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 08:16 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 08:16 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 08:16 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 08:16 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 08:16 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 08:16 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 08:16 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 08:16 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 08:16 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 08:16 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 08:16 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 08:16 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 08:16 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 08:16 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 08:16 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 08:16 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 08:16 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 08:16 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 08:16 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 08:16 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 08:16 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 08:16 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 08:16 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 08:16 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 08:16 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 08:16 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 08:16 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 08:16 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 08:16 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 08:16 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 08:16 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 08:16 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 08:16 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 08:16 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 08:16 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 08:16 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 08:16 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 08:16 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 08:16 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 08:16 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 08:16 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 08:16 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 08:16 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 08:16 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 08:16 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 08:16 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 08:16 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 08:16 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 08:16 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 08:16 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 08:16 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 08:16 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 08:16 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 08:16 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 08:16 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 08:16 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 08:16 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 08:16 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 08:16 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 08:16 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 08:16 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 08:16 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-12 10:15 - 2016-07-12 10:15 - 00000000 ___HD C:\$Windows.~WS
2016-06-27 10:09 - 2016-07-21 11:12 - 00000002 _____ C:\END

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-26 21:21 - 2016-03-04 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-26 21:20 - 2016-03-04 18:14 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-07-26 21:20 - 2016-03-04 18:14 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-07-26 21:14 - 2015-01-15 22:14 - 00001330 _____ C:\Windows\Tasks\GE.job
2016-07-26 21:13 - 2015-01-15 22:13 - 00001338 _____ C:\Windows\Tasks\GSJSNB.job
2016-07-26 20:58 - 2015-06-13 23:26 - 00002383 _____ C:\Users\Akira\Desktop\Epic Privacy Browser.lnk
2016-07-26 20:58 - 2015-06-13 23:24 - 00000000 ____D C:\Users\Akira\AppData\Local\Epic Privacy Browser
2016-07-26 20:51 - 2014-07-16 04:18 - 00001150 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000UA.job
2016-07-26 20:50 - 2015-01-15 21:50 - 00001336 _____ C:\Windows\Tasks\EZGLS.job
2016-07-26 20:49 - 2015-01-15 21:49 - 00001338 _____ C:\Windows\Tasks\YVUEUT.job
2016-07-26 20:43 - 2016-02-12 02:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-26 20:39 - 2014-07-12 02:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-26 15:25 - 2009-07-14 06:45 - 00036192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-26 15:25 - 2009-07-14 06:45 - 00036192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-26 15:20 - 2014-07-16 04:18 - 00001098 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000Core.job
2016-07-26 00:39 - 2014-07-12 02:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-25 19:22 - 2014-07-12 03:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-25 02:43 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-25 02:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-24 03:39 - 2014-07-16 04:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 03:38 - 2014-07-16 04:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-23 05:14 - 2016-04-02 22:09 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000
2016-07-23 05:14 - 2016-04-02 22:09 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000
2016-07-21 17:11 - 2015-02-14 23:11 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-07-21 07:21 - 2014-07-15 17:27 - 00003374 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000
2016-07-21 07:21 - 2014-07-15 17:27 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000
2016-07-17 01:30 - 2015-10-25 20:28 - 00000000 ____D C:\Users\Akira\AppData\Roaming\Skype
2016-07-17 00:56 - 2015-02-14 23:09 - 00000000 ____D C:\Users\Akira\AppData\Roaming\TS3Client
2016-07-15 14:43 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-15 14:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-07-15 06:43 - 2016-02-12 02:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 06:43 - 2014-07-13 00:08 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 06:43 - 2014-07-13 00:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-15 04:34 - 2015-12-07 22:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-15 04:34 - 2014-12-23 17:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 15:02 - 2014-07-28 21:34 - 00000000 ____D C:\Users\Akira\AppData\Local\CrashDumps
2016-07-14 14:55 - 2014-07-12 03:13 - 00000000 _____ C:\Windows\Path.idx
2016-07-14 14:25 - 2014-09-06 08:28 - 00002555 _____ C:\Windows\MB.idx
2016-07-14 07:46 - 2014-07-12 16:54 - 00000000 ____D C:\Users\Akira\AppData\Local\ElevatedDiagnostics
2016-07-14 07:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-07-14 07:22 - 2014-07-12 03:06 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-07-14 07:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-14 07:21 - 2009-07-14 06:45 - 00381760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 03:04 - 2014-07-12 16:28 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 03:01 - 2014-07-12 16:28 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 03:43 - 2014-07-13 00:08 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 03:43 - 2014-07-12 03:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 10:15 - 2014-07-12 11:29 - 00000000 ____D C:\Windows\Panther
2016-07-08 05:20 - 2014-07-13 00:01 - 00003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405202463
2016-07-08 05:20 - 2014-07-13 00:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-06 12:35 - 2014-07-17 01:45 - 00000000 ____D C:\Program Files (x86)\Entropia Universe

==================== Files in the root of some directories =======

2014-09-01 10:18 - 2015-02-12 20:04 - 0000935 _____ () C:\Users\Akira\AppData\Roaming\EZGLS
2014-09-01 10:18 - 2015-02-12 20:04 - 0000935 _____ () C:\Users\Akira\AppData\Roaming\GE
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Akira\AppData\Roaming\GSJSNB
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Akira\AppData\Roaming\YVUEUT
2014-07-18 20:33 - 2014-07-18 20:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-12 02:39 - 2014-07-12 02:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Akira\AppData\Local\Temp\avgnt.exe
C:\Users\Akira\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 21:05

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by Akira (2016-07-26 21:35:56)
Running from F:\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-07-11 23:54:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1038042310-4131372163-2243221697-500 - Administrator - Disabled)
Akira (S-1-5-21-1038042310-4131372163-2243221697-1000 - Administrator - Enabled) => C:\Users\Akira
Guest (S-1-5-21-1038042310-4131372163-2243221697-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1038042310-4131372163-2243221697-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{22E2B25B-2FFE-1A69-E591-55DD72BC5F5B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Asunsoft Windows 7 Password Geeker Trial (HKLM-x32\...\Asunsoft Windows 7 Password Geeker Trial) (Version: 1.0 - Asunsoft)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.2.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.5.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.0.7.8 - ASUS)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.15 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Citrio (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Citrio) (Version: 50.0.2661.271 - © Catalinagroup Ltd.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
DarkStar One (HKLM-x32\...\Steam App 12330) (Version: - Ascaron Entertainment ltd.)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
Device Pack (HKLM-x32\...\{D54D4A22-4382-4485-92DF-00C39F123E87}) (Version: 1.4.6 - D-Link)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
D-Link D-ViewCam (HKLM-x32\...\{440E9F90-0619-4E84-8226-65AD5073AD24}) (Version: 3.4.0 - D-Link)
Echo of Soul (HKLM-x32\...\Echo of Soul) (Version: - )
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 14.7.4.124266 - MindArk PE AB)
Epic Privacy Browser (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Epic) (Version: 48.0.2553.0 - Epic)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech H800 (HKLM\...\{7DE24FDD-A655-4AB7-A877-7236B91A9675}) (Version: 1.0.034 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4841.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.96.218.0 - Overwolf Ltd.)
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PKRCasino (HKLM-x32\...\PKRCasino) (Version: - )
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Q-Dir (HKLM\...\Q-Dir) (Version: - )
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.616 - Razer Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.11 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remember Me (HKLM-x32\...\Steam App 228300) (Version: - DONTNOD Entertainment)
ROG GameFirst II v8.03 (HKLM\...\ROG GameFirst II) (Version: 8.03 - cFos Software GmbH, Bonn)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Shadowrun Chronicles (HKLM-x32\...\Steam App 267750) (Version: - Cliffhanger Productions)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Star Citizen Launcher (HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplayer (HKLM-x32\...\{28B6BA37-247E-4F7C-8D60-3EC1C9A2EB2F}) (Version: 1.0.0.31 - D-LINK CORPORATION)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Waterfox 40.1.0 (x64 en-US) (HKLM\...\Waterfox 40.1.0 (x64 en-US)) (Version: 40.1.0 - Mozilla)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.1.213 - ASUS Cloud Corporation)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1064D6A5-F643-4FA8-8ACD-288C7F4C5035} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [2013-12-27] (ASUS)
Task: {2985EE4F-2F7E-46B5-A206-9F92E15F270E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {299E00F5-3949-49C5-B229-F9CCD97DDA22} - \ShopperPro -> No File <==== ATTENTION
Task: {3419AFD9-6D8C-4CA0-8B8F-1A1116229CBD} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {39E999DE-74B4-4E05-AC8C-8169D9E89CBA} - System32\Tasks\YVUEUT => C:\Users\Akira\AppData\Roaming\YVUEUT.exe <==== ATTENTION
Task: {458BCA13-31C9-45B9-970D-F0C03127057C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {48C7FBE1-8906-47A3-959C-6765EDAE36CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {4A0B4C5A-8E70-43E6-8041-077AA35EA05E} - System32\Tasks\GSJSNB => C:\Users\Akira\AppData\Roaming\GSJSNB.exe <==== ATTENTION
Task: {5A06EF9E-CB4D-48F5-AB0A-555244139A64} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {602D5807-166E-49A3-8AB2-3582723A4236} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {61900190-5873-4D16-AA13-DC315115AA0D} - System32\Tasks\HP AR Program Upload - 792d4af74a134831ad2842fec9573f529c4b668d2df245a5b9517aed48fb6a85 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {674862EA-9D88-4FE9-94B1-E27DCF028303} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {69432C5C-70BD-4B2A-A8CF-88270EFCC2AF} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
Task: {740A4327-8574-4CA5-92D4-9040398FC62A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {8749D0D2-D22B-4861-A2F6-A715B85F7C96} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {9370D8BC-623A-4505-8159-4208E3B4F4D7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-07-17] (Overwolf LTD)
Task: {9907E2F3-2AAC-4116-BC2E-C82C7E713981} - System32\Tasks\EZGLS => C:\Users\Akira\AppData\Roaming\EZGLS.exe <==== ATTENTION
Task: {A004F66B-8549-4BC2-A6C2-5764E22B3EE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F} - \SPDriver -> No File <==== ATTENTION
Task: {A97F1278-7A8E-4556-9383-BD038D2B06E6} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2010-11-23] ()
Task: {A9E8C312-E563-48CA-A6B6-68088D1959A7} - System32\Tasks\Opera scheduled Autoupdate 1405202463 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software)
Task: {B281E651-2EED-4557-8137-1A606680BAFB} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000UA => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-12] (Catalina Group Ltd.)
Task: {B3DBB750-4BD9-437E-B720-E9166FDDE667} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000Core => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-12] (Catalina Group Ltd.)
Task: {C1244CF1-EB51-478A-8A88-86794BBFFD7E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {CA36BB4F-7284-48BD-8B7A-A43E4B92B5B1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {CFCFEE71-18F1-447E-87E5-333B79B6F750} - System32\Tasks\GE => C:\Users\Akira\AppData\Roaming\GE.exe <==== ATTENTION
Task: {D45DFA90-E854-4183-801C-B2BEE307173F} - System32\Tasks\Abelssoft\UpdateYeti scan => C:\Program Files (x86)\UpdateYeti\UpdateYeti.exe
Task: {DEE4A852-16C0-454B-A5C6-DFCFE5EFFC17} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {F155D5FB-76B2-4722-BA29-137714780E20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F3396505-F845-44DB-A9D8-4D8341EB93F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {FC27701E-0BBB-4857-82ED-895263677BA8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1038042310-4131372163-2243221697-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000Core.job => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1038042310-4131372163-2243221697-1000UA.job => C:\Users\Akira\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\EZGLS.job => C:\Users\Akira\AppData\Roaming\EZGLS.exe <==== ATTENTION
Task: C:\Windows\Tasks\GE.job => C:\Users\Akira\AppData\Roaming\GE.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GSJSNB.job => C:\Users\Akira\AppData\Roaming\GSJSNB.exe <==== ATTENTION
Task: C:\Windows\Tasks\YVUEUT.job => C:\Users\Akira\AppData\Roaming\YVUEUT.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-11-05 02:11 - 2015-11-05 02:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-26 00:43 - 2014-06-26 00:43 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-09-17 12:58 - 2013-09-17 12:58 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-07-12 03:06 - 2010-11-23 15:43 - 00105088 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-07-16 04:34 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-15 17:25 - 2014-07-15 17:25 - 00861784 _____ () F:\RealPlayerCloud\RPDS\Plugins\cldplin.dll
2014-07-12 03:02 - 2016-07-14 07:21 - 00039424 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-07-12 03:02 - 2010-06-29 04:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-07-12 03:06 - 2010-06-24 21:50 - 00094208 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\IccLibDll.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-07-12 03:04 - 2013-08-19 11:23 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-07-12 03:04 - 2013-08-19 17:21 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-07 01:42 - 2014-01-07 01:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-16 01:55 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1038042310-4131372163-2243221697-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Akira\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2014 Zahlungserinnerung.lnk => C:\Windows\pss\Quicken 2014 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: GPU TweakIt Server Execute => "C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "F:\RealPlayerCloud\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{04C72F3B-663F-4924-BB67-4F2460F1921F}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{D8F98428-B235-496C-8D8D-FA047F24E117}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{870CF286-1E63-49C5-A693-7BF9099E8A4A}] => (Allow) F:\RealPlayerCloud\RPDS\Bin\rpdsvc.exe
FirewallRules: [{18FBCCF8-70B2-465C-BE38-8C2ACF6387CA}] => (Allow) C:\Users\Akira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F6D34B91-D09D-4BB9-87AC-B253AE5EF88F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{4DEA37DB-D0FA-444B-909C-3D9A41B38C1B}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{15B57389-FFAE-4CB7-B4E0-4081F5E27608}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{D3FD7B0A-9E58-49B0-926F-2C3C1B68DF87}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [TCP Query User{FD731441-6D4D-4394-9825-C8F4817E2576}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{0AD2F69A-0A68-4DA4-A709-89DF8616A347}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [{FFE24E11-BFCD-457A-B09C-86564AE1977B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD4C3CF8-35F7-4AEA-BE7A-75BC04583D5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5FA21582-A089-456C-B962-90E58BD56827}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{4277A02F-B2E4-4B9D-9162-7A91D324A5E3}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{CCFAAA17-0B67-4D8C-BAAB-E042AA29A0A0}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Allow) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe
FirewallRules: [UDP Query User{0390DD54-B969-4646-8D16-09ADA16B5155}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Allow) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe
FirewallRules: [{B1B52682-335F-41E8-85FE-C6262F802010}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F01DF473-8AE7-4423-AD0F-0F0F9AD08B61}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{877FCD4B-180B-4A6E-A895-ED6702358DDE}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [UDP Query User{383C6F7D-4759-436C-B770-632B717B44C6}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [TCP Query User{4947F208-77F1-417C-9C0B-CF91071E37BC}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [UDP Query User{2882E94C-DA7C-40C2-A103-0C91CC622F17}C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\akira\games\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [TCP Query User{EE0FE323-10D3-4210-B6C1-D3F9007CBFD3}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{EFC33A56-AF4B-4BE3-8A59-7F3320940DB6}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [TCP Query User{B997108D-FBCA-407D-902D-9BC924359466}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{4F8A29F7-CD4B-40FE-82EE-D03FE1A794BA}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [{E21F74D9-7D0E-4916-AB2C-6F41F1C241E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{79AD9D66-4DAF-4686-ADB1-3F7F9BE3EDE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{A8E6DE49-815C-4EF1-A074-10118C88E53C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{9B446390-B42B-4471-89EE-B4D40F981300}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [TCP Query User{C59C1066-39B7-41AF-869C-FFBF806E2F52}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Block) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe
FirewallRules: [UDP Query User{820BFABB-7197-492A-8C74-BFB8294A440C}C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe] => (Block) C:\users\akira\appdata\local\catalinagroup\citrio\application\citrio.exe
FirewallRules: [{72EEE488-8149-490E-9064-F6328460F5DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D068EBC8-E135-4D8A-8832-186ECA1C1DD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{456B7D12-9231-4F7E-A04D-8E7CF489AE17}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{EEA6F12C-E4A5-49DF-A7A3-033BEDB827E1}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{6206AE8B-7F7E-4096-BCC0-7F0C61058E35}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{9AB01371-7F41-4DF1-B664-94C956F53A2F}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{951C20C3-02A4-4DF9-8148-8FC95AFD8E7D}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{DDC8BA3B-ED1B-4F5F-BA30-C16063BD3CCD}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [TCP Query User{0E94B15B-80D6-487F-9C94-04730B846172}C:\program files\waterfox\waterfox.exe] => (Allow) C:\program files\waterfox\waterfox.exe
FirewallRules: [UDP Query User{A2AED16D-D9DB-40FC-9760-918E5913ADE8}C:\program files\waterfox\waterfox.exe] => (Allow) C:\program files\waterfox\waterfox.exe
FirewallRules: [{4A82502A-A0E9-40B8-B20A-7036492270E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowrunOnline\Shadowrun.exe
FirewallRules: [{51ECCD1E-D775-4C43-B300-81A0CB453889}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowrunOnline\Shadowrun.exe
FirewallRules: [{AC02D8BD-AFC0-4289-B164-9E5F091C1DB4}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{83A6E06F-31E0-4772-8173-756187431910}] => (Allow) LPort=5357
FirewallRules: [{342200F4-CD16-403A-AB3D-33F3D8DF1A4D}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6350D1FE-4C57-43AD-BD9D-4137B8A6A795}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStar One\DarkStarOne.exe
FirewallRules: [{30FB72D1-A471-4D8F-83E5-ED83C6FC5DF5}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStar One\DarkStarOne.exe
FirewallRules: [{4E8CE80E-C5CC-4E9E-BA84-3AE376EB952C}] => (Allow) F:\SteamLibrary\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{649C3D9C-ED17-4023-955B-42CC72C8BE55}] => (Allow) F:\SteamLibrary\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [TCP Query User{DFD8F9A5-4A62-492D-8D40-D22C706AF3F8}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\akira\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D9579FD8-7B8D-4533-9205-4901FB2A0F27}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\akira\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{B468F7F1-013C-4FF0-B921-F92C0969505F}D:\advanced\autorun.exe] => (Allow) D:\advanced\autorun.exe
FirewallRules: [UDP Query User{80367BF1-D796-459F-BA6E-318F95E25432}D:\advanced\autorun.exe] => (Allow) D:\advanced\autorun.exe
FirewallRules: [{974A3B56-D574-4DEB-8C03-ECA4B9F1C1E5}] => (Block) D:\advanced\autorun.exe
FirewallRules: [{FCB1DA5E-0034-467D-A786-981EA5B98057}] => (Block) D:\advanced\autorun.exe
FirewallRules: [{EF8398A8-851F-44C7-BE1A-22C46E3D201D}] => (Allow) C:\Users\Akira\Downloads\wizard\autorun.exe
FirewallRules: [TCP Query User{59C07255-096C-4B9F-AA57-90100F250A5C}C:\users\akira\appdata\local\raidar\raidar.exe] => (Allow) C:\users\akira\appdata\local\raidar\raidar.exe
FirewallRules: [UDP Query User{1350723C-7F4A-42FB-B0B5-B81F27002C19}C:\users\akira\appdata\local\raidar\raidar.exe] => (Allow) C:\users\akira\appdata\local\raidar\raidar.exe
FirewallRules: [{0849D83E-4197-4542-A9D8-29E9ED8E8E41}] => (Block) C:\users\akira\appdata\local\raidar\raidar.exe
FirewallRules: [{EB6D7EB0-1CC2-45C2-88B2-59C99B9651FE}] => (Block) C:\users\akira\appdata\local\raidar\raidar.exe
FirewallRules: [TCP Query User{CD1110C8-49C5-4695-865F-CE3EB1B00091}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{9A7D3A77-F041-43DB-91DB-C10619CB0B55}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{CBA025B0-0A38-4458-B66D-EA2E8957DC90}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC6D5776-76AB-4DA0-86AB-D012B4715C13}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{AC429784-C7EA-4243-9E95-4AE5014BE0B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{06285AC4-01AB-4495-9FFE-457C939EF5DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D512A92A-346B-4FF2-B2A8-4665B8F56443}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{900C0D44-F73F-4B6E-B437-9FE13C6C1BD1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9FA01337-D853-4B9B-AC0F-3708F4231351}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\akira\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C46874B4-B64C-4FDA-8004-B870EC2932F5}C:\users\akira\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\akira\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CB2891AA-DE07-4831-9F53-8D4225904E32}G:\games\diablo iii\diablo iii.exe] => (Allow) G:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{4D47B910-6082-4E14-9C3F-DB108669CB71}G:\games\diablo iii\diablo iii.exe] => (Allow) G:\games\diablo iii\diablo iii.exe
FirewallRules: [{81562F08-26F9-47FB-B6A1-B89EF8F9D2A4}] => (Block) G:\games\diablo iii\diablo iii.exe
FirewallRules: [{29F2F45D-9698-4094-83BB-ABC9D8B7FB11}] => (Block) G:\games\diablo iii\diablo iii.exe
FirewallRules: [{435461FD-A171-4D7A-87DC-8E2BA7CFAC8A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{79DC9BEF-9648-4CB8-A916-CFC90A8A7592}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34CEE231-BA4C-4275-8633-D133C032EEE3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3A340C7E-086A-4252-88F7-C816173F7C25}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{AAC80550-FEF9-4F28-BFD6-5C54C5134EE7}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{C4CA8DB0-EEA6-4938-A3AF-A70D0EFE2D85}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{CE8649FE-B8CA-4ED9-9FD0-769969DA69B1}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{CF8DDA7D-CE4B-4D50-87D0-958912C07B60}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{AC74F26A-9CE6-44BF-A950-358C3F940846}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{A4FBF845-BDBF-451D-BCDE-C2E5F052E0A4}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [{44B44DD6-72C1-454D-BC2D-98F044D41A67}] => (Block) F:\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{956A7DC9-D387-480F-9A87-AC0C8DE260BD}] => (Block) F:\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{84BEB567-7548-4FB9-BDC6-13A353DDB6C3}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{CFE55B37-FE46-430E-93D0-9B5E6409060C}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{AB93331E-F641-4E85-821D-5195402D4657}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{71306989-AC6F-4EDF-8FEB-3DA02698F7B9}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{A56A4E8C-3635-4A44-BA18-C5587E75C857}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{FB848D70-7915-4DA3-AE69-50E58B82C3B1}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{676C92F9-1ED3-4A9C-A6C4-FD6570831DBF}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{C17BE593-A88E-44ED-A537-D1A1BAB961D6}] => (Allow) F:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{A3A97627-C768-40C7-9880-3F96353EE5C3}] => (Allow) C:\Users\Akira\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
FirewallRules: [{3876BA9B-34BD-429E-9D40-AF5798107910}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{80DC3534-0A58-4E82-AC11-6962CA807645}] => (Allow) LPort=63809
FirewallRules: [{B46F790D-9E07-4A4D-9260-27BA410BC6EB}] => (Allow) LPort=5000
FirewallRules: [{05A7CFAF-9CF6-4556-971A-7C4AAD61C512}] => (Allow) C:\Users\Akira\AppData\Local\Epic Privacy Browser\Application\epic.exe

==================== Restore Points =========================

18-07-2016 20:18:42 Removed WinZip 17.5

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2016 03:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41157089

Error: (07/26/2016 03:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41157089

Error: (07/26/2016 03:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2016 03:54:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11060

Error: (07/26/2016 03:54:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11060

Error: (07/26/2016 03:54:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2016 03:54:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046

Error: (07/26/2016 03:54:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10046

Error: (07/26/2016 03:54:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2016 03:54:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048


System errors:
=============
Error: (07/24/2016 11:34:39 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (07/23/2016 12:57:47 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (07/17/2016 07:21:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/17/2016 07:21:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2 = The system cannot find the file specified.



CodeIntegrity:
===================================
Date: 2016-07-26 21:34:47.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-26 18:57:40.228
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 09:24:11.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 07:53:49.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 03:44:26.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-24 16:34:45.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-24 00:10:06.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 03:00:55.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-19 12:21:21.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-23 11:09:42.864
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 14%
Total physical RAM: 32664.89 MB
Available physical RAM: 27976.79 MB
Total Virtual: 65327.96 MB
Available Virtual: 59385.99 MB

==================== Drives ================================

Drive c: (Win7Pro64) (Fixed) (Total:238.37 GB) (Free:13.92 GB) NTFS
Drive f: (DataStore) (Fixed) (Total:2048.1 GB) (Free:1666.61 GB) NTFS
Drive g: (FastStore) (Fixed) (Total:500.1 GB) (Free:482.16 GB) NTFS
Drive h: (NetStore) (Fixed) (Total:496.1 GB) (Free:495.99 GB) NTFS
Drive i: (BackUp) (Fixed) (Total:2544.1 GB) (Free:2526.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: B9823E91)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


One more thing I'd like to add: I have a chip for the motherboard for hardware encryption. It's sitting ready but not yet installed; perhaps a fresh installation is advisable beforehand for that anyway?

Thanks in advance for your help
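The Addition.txt above ends with two sections a helper reads by hand: the firewall rules and the Code Integrity events. The following Python script is an added example, not code from this thread or from FRST, that applies the same two checks to a few lines excerpted from that log. It flags Allow rules that are bound only to a local port (LPort=…, no program) or that whitelist a binary in a user-writable directory such as AppData, and it groups the Code Integrity entries by image so the one-off driver warning stands out from the repeated sxs.dll message. The sample input is constructed from the log above; ranking the sxs.dll per-page-hash entry as low priority is an assumption stated in the code, not something the log itself establishes.

```python
import re
from collections import Counter

# Constructed sample input: a few lines excerpted from the FRST Addition.txt
# posted above (firewall rules plus Code Integrity entries); not a full log.
SAMPLE = r"""
FirewallRules: [{A3A97627-C768-40C7-9880-3F96353EE5C3}] => (Allow) C:\Users\Akira\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
FirewallRules: [{3876BA9B-34BD-429E-9D40-AF5798107910}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{80DC3534-0A58-4E82-AC11-6962CA807645}] => (Allow) LPort=63809
FirewallRules: [{B46F790D-9E07-4A4D-9260-27BA410BC6EB}] => (Allow) LPort=5000
FirewallRules: [{956A7DC9-D387-480F-9A87-AC0C8DE260BD}] => (Block) F:\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
Date: 2016-07-26 21:34:47.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-23 11:09:42.864
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
"""

FW_RE = re.compile(r"^FirewallRules: \[(\{[0-9A-F-]+\})\] => \((Allow|Block)\) (.+)$")
CI_RE = re.compile(r"image integrity of the file (\S+) because (.+?)\.")

# Path fragments a standard user can write to. An Allow rule for a binary in
# one of these deserves a look: any user-level installer can add such a rule.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_firewall_rules(text):
    """One dict per 'FirewallRules:' line: rule GUID, action, and the program
    path or 'LPort=N' the rule applies to."""
    rules = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            rules.append({"guid": m.group(1), "action": m.group(2), "target": m.group(3)})
    return rules


def suspicious_firewall_rules(rules):
    """Allow rules that open a bare local port (no program bound to the rule)
    or that whitelist an executable living in a user-writable directory."""
    flagged = []
    for rule in rules:
        if rule["action"] != "Allow":
            continue
        target = rule["target"]
        if target.startswith("LPort="):
            flagged.append((rule["guid"], "port-only allow rule: " + target))
        elif any(frag in target.lower() for frag in USER_WRITABLE):
            flagged.append((rule["guid"], "allow rule for binary in user-writable path: " + target))
    return flagged


def parse_code_integrity(text):
    """Pair each 'Date:' line with the 'Description:' that follows it and pull
    out the image path and the reason Code Integrity gave."""
    events, date = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Date: "):
            date = line[len("Date: "):]
        elif line.startswith("Description: ") and date is not None:
            m = CI_RE.search(line)
            if m:
                events.append({"date": date, "image": m.group(1), "reason": m.group(2)})
            date = None
    return events


def code_integrity_summary(events):
    """Count events per image and rank them for follow-up.

    Assumption, not something the log proves: the repeated sxs.dll entry about
    missing per-page image hashes shows up on many Windows 7 systems and is not
    by itself a compromise indicator, so it is ranked low. Any other image, in
    particular a kernel driver under System32\\drivers, gets a signature check.
    """
    counts = Counter(event["image"] for event in events)
    summary = {}
    for image, count in counts.items():
        benign_pattern = image.lower().endswith("\\sxs.dll")
        summary[image] = {
            "count": count,
            "priority": "low" if benign_pattern else "check signature",
        }
    return summary


if __name__ == "__main__":
    rules = parse_firewall_rules(SAMPLE)
    for guid, why in suspicious_firewall_rules(rules):
        print(guid, why)
    for image, info in code_integrity_summary(parse_code_integrity(SAMPLE)).items():
        print(image, info)
```

On the sample this flags the two port-only rules and the Citrio rule under AppData, and leaves the Chrome rule alone; the usbaapl64.sys driver is the only Code Integrity image that comes back as "check signature". A "check signature" result is a prompt to verify the file's Authenticode signature on the machine, not a verdict on its own.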

27.07.2016, 00:05   #2
cosinus
Hi

Why are you posting here in the malware section? Any virus detections so far?

Quote:
I have a chip for the motherboard for hardware encryption
Yes, and your box also has a whopping 32 GiB of memory and terabytes of storage
May I ask whether all of that is really purely private in nature?

27.07.2016, 00:41   #3
AkiraAMDx64

Right, it does. I'm also an avid gamer, which should be easy to see from the program list; I hardly think any "business" would be thrilled with a game list like that. Besides, my box glows in bright colours and sits in a ThermalTake modding case, which is one of my biggest passions. I busted my a.. for this dream machine of mine, because you're right, there's quite a bit of money in it. Far more importantly, though, there's a lot of work and heart in it, and I don't want the whole thing to be damaged by some unwanted software.

Besides, I'm writing here because, given what happened, the suspicion is more than obvious, there are also a few ALERTS in the log, and this whole section is logfile analysis and evaluation. So thanks for your enthusiasm for my hardware; I share it, and that's exactly why I'm trying to protect it!

Malwarebytes logfile:

Version: 2.2.1.1043
Malware Database: v2016.07.26.09
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Akira

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308724
Time Elapsed: 5 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, , [a3fe9d8ba9f137ff781a9303bd457a86],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, , [a3fe9d8ba9f137ff781a9303bd457a86],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, , [a3fe9d8ba9f137ff781a9303bd457a86],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{299E00F5-3949-49C5-B229-F9CCD97DDA22}, , [20818f99cecc1a1c2ce6b21d30d2649c],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F}, , [7130de4ab8e253e39199e30d0003857b],
PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, , [efb252d685151f170f74945c70933bc5],

Registry Values: 2
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{299E00F5-3949-49C5-B229-F9CCD97DDA22}|Path, \ShopperPro, , [20818f99cecc1a1c2ce6b21d30d2649c]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F}|Path, \SPDriver, , [7130de4ab8e253e39199e30d0003857b]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhjehbmopbfbomhchfkhbghcehpeiijl, , [4061e147366474c281c716af59a9c63a],
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl, , [fca5d652eeac1323f257cef7c73ba35d],

Files: 6
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_nhjehbmopbfbomhchfkhbghcehpeiijl_0.localstorage, , [2180e543148672c44a11765ec83a30d0],
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\000003.log, , [fca5d652eeac1323f257cef7c73ba35d],
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\CURRENT, , [fca5d652eeac1323f257cef7c73ba35d],
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\LOCK, , [fca5d652eeac1323f257cef7c73ba35d],
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\LOG, , [fca5d652eeac1323f257cef7c73ba35d],
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\MANIFEST-000001, , [fca5d652eeac1323f257cef7c73ba35d],

Physical Sectors: 0
(No malicious items detected)

Still, this program isn't flawless either and will only find something new once it's known, and by then it may be too late. Admittedly, maybe I'm just being a bit overcautious; if so, SORRY!

Last edited by AkiraAMDx64 (27.07.2016 at 00:59)
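The Malwarebytes log above becomes actionable only once its hits are correlated: the two TaskCache key detections say nothing useful until they are joined with the |Path values that carry the task names (\ShopperPro, \SPDriver), and the CrossRider folder and file hits all point at a single Opera extension id. The following Python script is an added example, not code from this thread or from Malwarebytes. It parses a constructed excerpt of that log (embedded below, with the section counts adjusted to the excerpt), counts artefacts per PUP family, joins task GUIDs to task paths, and extracts Chromium-style extension ids (32 letters a to p) from the file and folder paths.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: detection lines excerpted from the Malwarebytes log
# posted above; section counts were adjusted to match the excerpt.
SAMPLE = r"""
Registry Keys: 4
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [4e534ddb8317ec4a5738098d72900ff1],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{299E00F5-3949-49C5-B229-F9CCD97DDA22}, , [20818f99cecc1a1c2ce6b21d30d2649c],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F}, , [7130de4ab8e253e39199e30d0003857b],
PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, , [efb252d685151f170f74945c70933bc5],

Registry Values: 2
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{299E00F5-3949-49C5-B229-F9CCD97DDA22}|Path, \ShopperPro, , [20818f99cecc1a1c2ce6b21d30d2649c]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5EA4F81-5AE0-4752-8DD0-9D90FBDD295F}|Path, \SPDriver, , [7130de4ab8e253e39199e30d0003857b]

Folders: 1
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhjehbmopbfbomhchfkhbghcehpeiijl, , [4061e147366474c281c716af59a9c63a],

Files: 1
PUP.Optional.CrossRider, C:\Users\Akira\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\nhjehbmopbfbomhchfkhbghcehpeiijl\000003.log, , [fca5d652eeac1323f257cef7c73ba35d],
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+): \d+$")
GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}")
# Chromium-style extension ids: 32 letters from a to p, used as a directory name.
EXT_ID_RE = re.compile(r"[\\/]([a-p]{32})(?=[\\/]|$)")
TASKCACHE = "\\SCHEDULE\\TASKCACHE\\TASKS\\"


def parse_detections(text):
    """One dict per detection line, tagged with the section it sits in.

    Line shape: '<threat>, <location>[, <data>], , [<32 hex>],' where the
    data field is present only for registry values."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or ", [" not in line:
            continue
        body, _, tail = line.rpartition(", [")
        fields = body.split(", ")
        items.append({
            "section": section,
            "threat": fields[0],
            "location": fields[1],
            "data": fields[2] if len(fields) > 2 and fields[2] else None,
            "sig": tail.rstrip(",").rstrip("]"),
        })
    return items


def by_family(items):
    """How many artefacts each PUP family left behind."""
    return dict(Counter(item["threat"] for item in items))


def scheduled_tasks(items):
    """Join TaskCache\\Tasks\\{GUID} key hits with the |Path values that carry
    the task name, so each hit can be looked up in Task Scheduler."""
    names = {}
    for item in items:
        loc = item["location"]
        if item["section"] == "Registry Values" and TASKCACHE in loc and loc.endswith("|Path"):
            guid = GUID_RE.search(loc)
            if guid:
                names[guid.group(0)] = item["data"]
    tasks = {}
    for item in items:
        loc = item["location"]
        if item["section"] == "Registry Keys" and TASKCACHE in loc:
            guid = GUID_RE.search(loc)
            if guid:
                tasks[guid.group(0)] = {"threat": item["threat"], "task_path": names.get(guid.group(0))}
    return tasks


def browser_extensions(items):
    """Extension ids referenced by file and folder hits, grouped by threat name."""
    ids = defaultdict(set)
    for item in items:
        if item["section"] in ("Folders", "Files"):
            m = EXT_ID_RE.search(item["location"])
            if m:
                ids[item["threat"]].add(m.group(1))
    return {threat: sorted(found) for threat, found in ids.items()}


if __name__ == "__main__":
    items = parse_detections(SAMPLE)
    print(by_family(items))
    for guid, info in scheduled_tasks(items).items():
        print(guid, info)
    print(browser_extensions(items))
```

The join is the useful part: a TaskCache key GUID on its own cannot be found in the Task Scheduler UI, but the |Path value resolves it to the task name, which is what you would look for (and expect to be gone) after the cleanup tools have run.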

27.07.2016, 10:38   #4
cosinus

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too big for one post, I ask you to post them directly, spread across several posts if necessary.
To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.




Removing adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait for it to finish.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.
