Hello there :)
MB Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 17.07.2015
Suchlauf-Zeit: 12:59:00
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.07.17.02
Rootkit Datenbank: v2015.07.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nomi
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 504611
Verstrichene Zeit: 7 Min, 50 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 18
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect.1, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\INPROCSERVER32, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 5
PUP.Optional.DownloadProtect.A, C:\Program Files\{FB05BF9B-A4A4-4297-BB74-5192DB5868CC}\{A1FF59F4-490A-472E-85DC-82527C5F8582}.bin, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{D80DF682-A533-45F3-B8B9-A3B1D0C9A31E}\{3E9A47B6-3686-4AB1-8D79-3D63ADA333C9}.bin, In Quarantäne, [b42203df2b5f67cf4b166cce827efe02],
PUP.Optional.DownloadProtect.A, C:\Program Files\{85E0A099-E421-4BB7-83EB-FFA513E7696F}\{50CF40CF-C6B6-4DDB-A887-FBE3637AF8CD}.bin, In Quarantäne, [fadc37ab94f69d9987da1a2089773cc4],
PUP.Optional.TenkiTechnology, C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe, In Quarantäne, [e3f3d50de5a576c082022bd34bb9d927],
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{03C203B8-B380-4880-86A9-588DEC8F2CAA}\{33C87507-C241-426D-99CE-47BBA3621998}.bin, In Quarantäne, [2ea8cf13593194a276eb65d5bd43be42],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x64
Ran by Nomi on 17.07.2015 at 13:13:48,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
~~~ FireFox
Successfully deleted the following from C:\Users\Nomi\AppData\Roaming\mozilla\firefox\profiles\7cycdbdi.default-1389041228630\prefs.js
user_pref(extensions.avastwrc.whiteList, {\trk\:{\apps.facebook.com\:{\703\:false},\avast.com\:{\779\:false},\mentalfloss.com\:{\705\:false,\708\:false,\71
Emptied folder: C:\Users\Nomi\AppData\Roaming\mozilla\firefox\profiles\7cycdbdi.default-1389041228630\minidumps [246 files]
~~~ Chrome
[C:\Users\Nomi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Nomi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Nomi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Nomi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.07.2015 at 13:16:43,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Nomi (administrator) on NOMI-PC on 17-07-2015 13:24:40
Running from C:\Users\Nomi\Desktop\Scantools
Loaded Profiles: Nomi (Available Profiles: Nomi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-25] (Avast Software s.r.o.)
HKLM-x32\...\Run: [DnsBlock] => C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe [788000 2015-07-08] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-07] (Geek Software GmbH)
HKLM-x32\...\Run: [PixelPlanet PdfPrinter-Monitor] => C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe [6324984 2015-02-05] (PixelPlanet)
HKU\S-1-5-21-753365420-711720425-523209684-1000\...\Run: [Spotify Web Helper] => C:\Users\Nomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-753365420-711720425-523209684-1000\...\Run: [Spotify] => C:\Users\Nomi\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-753365420-711720425-523209684-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-07-09] (Overwolf LTD)
HKU\S-1-5-21-753365420-711720425-523209684-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7246904 2015-07-08] (GOG.com)
Startup: C:\Users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-11-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2013-12-28]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nomi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-753365420-711720425-523209684-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-753365420-711720425-523209684-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-753365420-711720425-523209684-1000 -> {160DD310-F776-4F4C-ADBF-3725F123994A} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
SearchScopes: HKU\S-1-5-21-753365420-711720425-523209684-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{F8A88AA0-6746-4554-8D04-0BDBD88B366F}\{987F54BD-2740-4AA0-B150-069910B72A64}.bin [2015-07-17] (Download Protect)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-753365420-711720425-523209684-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 05 C:\Windows\SysWOW64\DnsBlockA.dll [343584 2015-07-08] (DnsBlock)
Winsock: Catalog5 10 C:\Windows\SysWOW64\DnsBlockB.dll [343584 2015-07-08] (DnsBlock)
Winsock: Catalog5-x64 05 C:\Windows\system32\DnsBlockA.dll [434208 2015-07-08] (DnsBlock)
Winsock: Catalog5-x64 10 C:\Windows\system32\DnsBlockB.dll [433696 2015-07-08] (DnsBlock)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5119874F-601F-49E6-9C61-9291A6BCEBFA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9834A015-0012-4FC4-89F1-5441C60ECB3B}: [DhcpNameServer] 192.168.178.2
Tcpip\..\Interfaces\{C818214C-F5DE-4F50-8AD0-D673EA589757}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{EE9066A7-F6B0-470E-93B2-91AAE77DCF19}: [DhcpNameServer] 192.168.42.129
FireFox:
========
FF ProfilePath: C:\Users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\7cycdbdi.default-1389041228630
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-753365420-711720425-523209684-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-753365420-711720425-523209684-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF SearchPlugin: C:\Users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\7cycdbdi.default-1389041228630\searchplugins\google-images.xml [2014-10-17]
FF SearchPlugin: C:\Users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\7cycdbdi.default-1389041228630\searchplugins\google-maps.xml [2014-10-17]
FF Extension: EPUBReader - C:\Users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\7cycdbdi.default-1389041228630\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{9FAE2845-05E8-4F98-93AB-70E2AD02B7FA}] - C:\Windows\Installer\{8D8E64BE-CD92-4AFA-80BF-DF581C776DD8}\{9FAE2845-05E8-4F98-93AB-70E2AD02B7FA}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{8D8E64BE-CD92-4AFA-80BF-DF581C776DD8}\{9FAE2845-05E8-4F98-93AB-70E2AD02B7FA}.xpi [2015-07-17]
FF HKU\S-1-5-21-753365420-711720425-523209684-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\7cycdbdi.default-1389041228630\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-29]
CHR Extension: (Google Drive) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-29]
CHR Extension: (YouTube) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-29]
CHR Extension: (Adblock Plus) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-29]
CHR Extension: (Google Search) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-29]
CHR Extension: (Avast Online Security) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Google Wallet) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Gmail) - C:\Users\Nomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-11-02] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-20] () [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S2 DnsBlockUpdateSvc; C:\Windows\system32\DnsBlockUpdateSvc.exe [149024 2015-07-08] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-04-21] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6806072 2015-07-16] (GOG.com)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-05] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1001200 2015-07-09] (Overwolf LTD)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-12-08] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-06-29] (AVG Technologies)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-02] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0000.sys [28768 2014-03-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [356352 2006-09-07] (Ralink Technology, Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Users\Nomi\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
U4 nxaudio; No ImagePath
U4 nxpcap; No ImagePath
U4 nxsshd; No ImagePath
U4 nxusbd; No ImagePath
U4 nxusbh; No ImagePath
U4 nxusbs; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-17 13:16 - 2015-07-17 13:16 - 00002525 _____ C:\Users\Nomi\Desktop\JRT.txt
2015-07-17 13:13 - 2015-07-17 13:13 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Nomi\Downloads\JRT.exe
2015-07-17 13:12 - 2015-07-17 13:12 - 00004908 _____ C:\Users\Nomi\Desktop\mbam.txt
2015-07-17 13:10 - 2015-07-17 13:10 - 00000000 ____D C:\Program Files\{F8A88AA0-6746-4554-8D04-0BDBD88B366F}
2015-07-17 13:10 - 2015-07-17 13:10 - 00000000 ____D C:\Program Files (x86)\{355AD930-DE7E-485E-A61E-A2818FB3AE5C}
2015-07-17 12:58 - 2015-07-17 13:24 - 00000000 ____D C:\Users\Nomi\Desktop\Scantools
2015-07-17 12:58 - 2015-07-17 12:58 - 01636864 _____ (Farbar) C:\Users\Nomi\Downloads\FRST.exe
2015-07-17 12:52 - 2015-07-17 13:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-17 12:52 - 2015-07-17 12:52 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-17 12:52 - 2015-07-17 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-17 12:52 - 2015-07-17 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-17 12:52 - 2015-07-17 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-17 12:52 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-17 12:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-17 12:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-17 12:51 - 2015-07-17 12:52 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nomi\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-17 01:40 - 2015-07-17 01:40 - 00000000 ____D C:\Program Files\{85E0A099-E421-4BB7-83EB-FFA513E7696F}
2015-07-17 01:40 - 2015-07-17 01:40 - 00000000 ____D C:\Program Files (x86)\{03C203B8-B380-4880-86A9-588DEC8F2CAA}
2015-07-16 19:48 - 2015-07-16 19:48 - 00000000 ____D C:\Users\Nomi\Desktop\Morgen Drucken
2015-07-16 16:55 - 2015-07-16 16:57 - 00000000 ____D C:\Users\Nomi\Documents\Heroes of the Storm
2015-07-16 16:44 - 2015-07-16 16:44 - 00000782 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-07-16 16:44 - 2015-07-16 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-07-16 16:17 - 2015-07-16 16:55 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-07-16 16:17 - 2015-07-16 16:17 - 00000723 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-07-16 16:17 - 2015-07-16 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-07-16 16:14 - 2015-07-16 16:14 - 03080760 _____ (Blizzard Entertainment) C:\Users\Nomi\Downloads\Heroes-of-the-Storm-Setup-deDE(1).exe
2015-07-16 16:14 - 2015-07-16 16:14 - 00000000 ____D C:\ProgramData\Battle.net
2015-07-16 15:53 - 2015-07-16 15:53 - 03080760 _____ (Blizzard Entertainment) C:\Users\Nomi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2015-07-16 02:16 - 2015-07-16 02:16 - 00000000 ____D C:\55e1791a4dee8543c801d9f89ab1
2015-07-16 02:14 - 2015-07-16 02:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-16 02:14 - 2015-07-16 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-16 01:21 - 2015-07-16 01:21 - 00010230 _____ C:\Users\Nomi\AppData\Local\recently-used.xbel
2015-07-15 13:24 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 13:24 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 13:24 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 13:24 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 13:24 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 13:24 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 13:24 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 13:24 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 13:24 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 13:24 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 13:24 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 13:23 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 13:23 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 13:23 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 13:23 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 13:23 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 13:23 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 13:23 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 13:23 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 13:23 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 13:23 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 13:23 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 13:23 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 13:23 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 13:23 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 13:23 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 13:23 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 13:23 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:23 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 13:23 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 13:22 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 13:22 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 13:22 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 13:22 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 13:22 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 13:22 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 13:22 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 13:22 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 13:22 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 13:22 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 13:22 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 13:22 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 13:22 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 13:22 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 13:22 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 13:22 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 13:22 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 13:22 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 13:22 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 13:22 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 13:22 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 13:22 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 13:22 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 13:22 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 13:22 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 13:22 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 13:22 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 13:22 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 13:22 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 13:22 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 13:22 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 13:22 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 13:22 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 13:22 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 13:22 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 13:22 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 13:22 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 13:22 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 13:22 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 13:22 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 13:22 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 13:22 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 13:22 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 13:22 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 13:21 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 13:21 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 13:21 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 13:21 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 13:21 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 13:21 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 13:21 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 13:21 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 13:21 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:21 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 13:21 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 13:21 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 13:21 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 13:21 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 13:21 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 13:21 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 13:21 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 13:21 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 13:21 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 13:21 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 13:21 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 13:21 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 13:21 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 13:21 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 13:21 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 13:21 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 13:21 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 13:21 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 13:21 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 13:21 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 13:21 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 13:21 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 13:21 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 13:21 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 13:21 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 13:21 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 13:21 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 13:21 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 13:21 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 13:21 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:21 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:21 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 13:21 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:21 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 13:21 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 13:21 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 13:21 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:21 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 13:21 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 13:21 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 13:21 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 13:21 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 13:21 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 13:21 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 13:21 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 13:21 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 13:21 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 13:21 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 13:21 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 13:21 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 13:21 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 12:50 - 2015-07-17 13:24 - 00000000 ____D C:\FRST
2015-07-15 12:48 - 2015-07-16 16:04 - 00000000 ____D C:\Users\Nomi\Desktop\Neuer Ordner (2)
2015-07-15 12:39 - 2015-07-15 12:39 - 00781312 _____ C:\Users\Nomi\Desktop\delfix_1.010.exe
2015-07-15 12:34 - 2015-07-15 12:34 - 00036152 _____ C:\ComboFix.txt
2015-07-15 12:29 - 2015-07-15 12:34 - 00000000 ____D C:\ComboFix
2015-07-15 12:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-15 12:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-15 12:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-15 12:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-15 12:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-15 12:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-15 12:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-15 12:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-15 12:26 - 2015-07-15 12:34 - 00000000 ____D C:\Qoobox
2015-07-15 12:26 - 2015-07-15 12:33 - 00000000 ____D C:\Windows\erdnt
2015-07-15 12:23 - 2015-07-15 12:23 - 05632449 ____R (Swearware) C:\Users\Nomi\Desktop\ComboFix.exe
2015-07-15 12:20 - 2015-07-15 12:20 - 00001260 _____ C:\Users\Nomi\Desktop\Revo Uninstaller.lnk
2015-07-15 12:20 - 2015-07-15 12:20 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-15 12:19 - 2015-07-15 12:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nomi\Downloads\revosetup95.exe
2015-07-14 18:09 - 2015-07-16 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-14 18:09 - 2015-07-14 18:09 - 02248704 _____ C:\Users\Nomi\Downloads\adwcleaner_4.208.exe
2015-07-13 19:10 - 2015-07-13 19:10 - 00000000 _____ C:\Windows\setuperr.log
2015-07-13 15:51 - 2015-07-13 15:51 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-13 15:51 - 2015-07-13 15:51 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-13 15:51 - 2015-07-13 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-13 15:49 - 2015-07-13 15:49 - 00003204 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-07-10 19:41 - 2015-07-10 19:42 - 33529276 _____ C:\Users\Nomi\Downloads\Gruppe2-Screenshots_Webseite.zip
2015-07-08 18:35 - 2015-07-08 18:35 - 00000000 ____D C:\ProgramData\PixelPlanet
2015-07-08 18:34 - 2015-07-08 18:34 - 23027824 _____ C:\Users\Nomi\Downloads\pdfprinter_setup_64bit.exe
2015-07-08 18:34 - 2015-07-08 18:34 - 00002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdfPrinter Monitor starten.lnk
2015-07-08 18:34 - 2015-07-08 18:34 - 00002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdfMerger.lnk
2015-07-08 18:34 - 2015-07-08 18:34 - 00000000 ____D C:\Users\Nomi\AppData\Local\Downloaded Installations
2015-07-08 18:34 - 2015-07-08 18:34 - 00000000 ____D C:\Program Files\Common Files\BCL Technologies
2015-07-08 18:29 - 2015-07-08 18:29 - 00524205 _____ C:\Users\Nomi\Documents\Vertrag.xps
2015-07-08 18:28 - 2015-07-08 18:28 - 00001075 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-07-08 18:28 - 2015-07-08 18:28 - 00001055 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-07-08 18:28 - 2015-07-08 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-08 18:28 - 2015-07-08 18:28 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-08 18:24 - 2015-07-08 18:24 - 00009098 _____ C:\Users\Nomi\Downloads\x3 AusbildungsvertragPraxissemester_beschreibbar.txt
2015-07-08 17:56 - 2015-07-08 17:56 - 00087704 _____ C:\Windows\cadkasdeinst01.exe
2015-07-08 17:56 - 2015-07-08 17:56 - 00001026 _____ C:\Users\Nomi\Desktop\PDF Editor 4.5.lnk
2015-07-08 17:56 - 2015-07-08 17:56 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.5
2015-07-08 17:56 - 2015-07-08 17:56 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\CAD-KAS
2015-07-08 17:56 - 2015-07-08 17:56 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2015-07-08 17:55 - 2015-07-09 00:26 - 00000000 ____D C:\ProgramData\AVG
2015-07-08 17:55 - 2015-07-08 17:55 - 00002221 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2015-07-08 17:55 - 2015-07-08 17:55 - 00002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-07-08 17:55 - 2015-07-08 17:55 - 00002197 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-07-08 17:55 - 2015-07-08 17:55 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\dlg
2015-07-08 17:55 - 2015-07-08 17:55 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\AVG
2015-07-08 17:55 - 2015-07-08 17:55 - 00000000 ____D C:\Users\Nomi\AppData\Local\Avg
2015-07-08 17:55 - 2015-07-08 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2015-07-08 17:55 - 2015-07-08 17:55 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-08 17:55 - 2015-06-29 10:24 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-07-08 17:55 - 2015-06-29 10:23 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-07-08 17:55 - 2015-06-29 10:23 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 00471968 _____ C:\Windows\SysWOW64\dns.block
2015-07-08 17:54 - 2015-07-08 17:54 - 00471968 _____ C:\Windows\system32\dns.block
2015-07-08 17:54 - 2015-07-08 17:54 - 00434208 _____ (DnsBlock) C:\Windows\system32\DnsBlockA.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 00433696 _____ (DnsBlock) C:\Windows\system32\DnsBlockB.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 00343584 _____ (DnsBlock) C:\Windows\SysWOW64\DnsBlockB.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 00343584 _____ (DnsBlock) C:\Windows\SysWOW64\DnsBlockA.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 00149024 _____ C:\Windows\system32\DnsBlockUpdateSvc.exe
2015-07-08 17:54 - 2015-07-08 17:54 - 00000000 ____D C:\Users\Nomi\AppData\Local\DnsBlock
2015-07-08 17:54 - 2015-07-08 17:54 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-07-08 17:54 - 2015-07-08 17:54 - 00000000 ____D C:\Program Files (x86)\DnsBlock
2015-07-08 17:51 - 2015-07-08 17:52 - 02967152 _____ (Acresso Software Inc. ) C:\Users\Nomi\Downloads\pdf-editor-4.5-setup.exe
2015-07-08 17:50 - 2015-07-08 17:50 - 18084637 _____ C:\Users\Nomi\Downloads\pdfeditor_4.5.zip
2015-07-08 17:46 - 2015-07-08 17:46 - 00000000 ____D C:\Users\Nomi\AppData\Local\PDF24
2015-07-08 17:12 - 2015-07-08 17:13 - 16381928 _____ (Geek Software GmbH ) C:\Users\Nomi\Downloads\pdf24-creator-7.0.4.exe
2015-07-02 19:33 - 2015-07-08 18:06 - 00000000 ____D C:\Users\Nomi\Documents\Praktikumsvertrag
2015-06-29 05:12 - 2015-06-29 05:12 - 00000000 ____D C:\Users\Nomi\Desktop\Neuer Ordner
2015-06-24 15:29 - 2015-06-24 15:29 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-24 15:29 - 2015-06-24 15:29 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-23 01:02 - 2015-06-23 01:02 - 00969316 _____ C:\Users\Nomi\Downloads\UebungsLsgVorschlaege(1).zip
2015-06-23 00:18 - 2015-06-21 13:48 - 00000000 ____D C:\Users\Nomi\Desktop\VSS
2015-06-23 00:18 - 2015-03-26 00:45 - 00000000 ____D C:\Users\Nomi\Desktop\Rechnernetze
2015-06-23 00:18 - 2015-03-16 16:40 - 00000000 ____D C:\Users\Nomi\Desktop\Wahrscheinlichkeitstheorie und Numerik
2015-06-23 00:18 - 2015-02-12 21:14 - 00000000 ____D C:\Users\Nomi\Desktop\Grafische Datenverarbeitung
2015-06-22 18:55 - 2014-10-28 16:09 - 00000000 ____D C:\Users\Nomi\Desktop\Softwaretechnik_1
2015-06-22 18:55 - 2014-10-11 11:45 - 00000000 ____D C:\Users\Nomi\Desktop\Softwaretechnik_2
2015-06-21 01:45 - 2015-06-21 01:45 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\Injustice
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-17 13:21 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 13:21 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 13:12 - 2013-12-28 07:17 - 01705354 _____ C:\Windows\WindowsUpdate.log
2015-07-17 13:09 - 2015-05-25 14:02 - 00000000 ____D C:\Users\Nomi\AppData\Local\Overwolf
2015-07-17 13:09 - 2014-02-12 00:31 - 00000000 ____D C:\Users\Nomi\AppData\Local\Spotify
2015-07-17 13:09 - 2014-02-12 00:30 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\Spotify
2015-07-17 13:09 - 2013-12-28 23:10 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\stickies
2015-07-17 13:08 - 2015-03-10 12:09 - 00000000 ____D C:\Windows\pss
2015-07-17 13:08 - 2010-11-21 05:47 - 00750320 _____ C:\Windows\PFRO.log
2015-07-17 13:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 13:08 - 2009-07-14 06:51 - 00227818 _____ C:\Windows\setupact.log
2015-07-17 12:54 - 2011-04-12 09:43 - 00748818 _____ C:\Windows\system32\perfh007.dat
2015-07-17 12:54 - 2011-04-12 09:43 - 00167166 _____ C:\Windows\system32\perfc007.dat
2015-07-17 12:54 - 2009-07-14 07:13 - 01756862 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 01:44 - 2013-12-28 16:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 22:49 - 2014-01-16 00:25 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\TS3Client
2015-07-16 22:47 - 2014-05-17 21:33 - 00000000 ____D C:\Users\Nomi\AppData\Local\Battle.net
2015-07-16 15:53 - 2014-01-15 23:45 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-07-16 12:29 - 2009-07-14 06:45 - 00307000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 12:28 - 2015-04-05 04:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 12:28 - 2015-04-05 04:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 12:28 - 2014-12-11 11:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 12:28 - 2014-05-06 23:51 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 12:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 02:14 - 2015-05-29 02:04 - 00000000 ____D C:\ProgramData\Skype
2015-07-16 02:14 - 2014-01-17 12:01 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 02:11 - 2014-03-25 23:08 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-16 02:11 - 2014-01-16 16:08 - 00000000 ____D C:\Users\Nomi\.gimp-2.8
2015-07-16 00:33 - 2014-01-16 16:09 - 00000000 ____D C:\Users\Nomi\AppData\Local\gtk-2.0
2015-07-15 23:59 - 2013-12-30 20:29 - 00000000 ____D C:\Users\Nomi\.thumbnails
2015-07-15 13:24 - 2014-11-14 02:24 - 00000000 ____D C:\Program Files (x86)\FreeHideIP
2015-07-15 13:16 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-15 12:34 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-15 12:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-15 01:27 - 2015-03-08 01:28 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-14 19:44 - 2013-12-28 16:48 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 19:44 - 2013-12-28 16:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 19:44 - 2013-12-28 16:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 20:36 - 2013-12-28 20:13 - 00000000 ____D C:\Users\Nomi\AppData\Local\CrashDumps
2015-07-13 15:51 - 2013-12-29 04:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-13 15:50 - 2013-12-29 16:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-13 15:49 - 2014-11-13 17:36 - 00000000 __SHD C:\Users\Nomi\AppData\Local\EmieBrowserModeList
2015-07-13 15:49 - 2014-05-15 16:41 - 00000000 __SHD C:\Users\Nomi\AppData\Local\EmieUserList
2015-07-13 15:49 - 2014-05-15 16:41 - 00000000 __SHD C:\Users\Nomi\AppData\Local\EmieSiteList
2015-07-13 14:38 - 2014-02-10 00:16 - 00000000 ____D C:\Users\Nomi\AppData\Roaming\Skype
2015-07-13 14:37 - 2014-05-11 20:36 - 00000000 ____D C:\Windows\Minidump
2015-07-13 14:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-07-13 14:35 - 2014-07-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
2015-07-03 08:43 - 2014-01-17 12:01 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-29 05:31 - 2015-04-02 12:35 - 00000000 ____D C:\Users\Nomi\Documents\Bildteil
2015-06-26 20:14 - 2015-03-08 01:26 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-24 15:29 - 2015-03-08 01:26 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-21 14:17 - 2014-09-24 11:15 - 00000000 ____D C:\Windows\rescache
2015-06-20 20:25 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-17 19:44 - 2015-04-30 19:58 - 00000000 ____D C:\Users\Nomi\Desktop\Sortieren
==================== Files in the root of some directories =======
2014-06-19 14:26 - 2014-06-19 14:26 - 0000074 _____ () C:\Users\Nomi\AppData\Roaming\Camdata.ini
2014-06-19 14:26 - 2014-06-19 14:26 - 0000408 _____ () C:\Users\Nomi\AppData\Roaming\CamLayout.ini
2014-06-19 14:26 - 2014-06-19 14:26 - 0000408 _____ () C:\Users\Nomi\AppData\Roaming\CamShapes.ini
2014-06-19 14:22 - 2014-06-19 14:26 - 0004545 _____ () C:\Users\Nomi\AppData\Roaming\CamStudio.cfg
2014-06-19 14:13 - 2014-06-19 14:24 - 0000096 _____ () C:\Users\Nomi\AppData\Roaming\version2.xml
2015-05-01 17:34 - 2015-05-01 17:34 - 0005120 _____ () C:\Users\Nomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-16 01:21 - 2015-07-16 01:21 - 0010230 _____ () C:\Users\Nomi\AppData\Local\recently-used.xbel
2015-03-28 15:40 - 2015-03-28 15:40 - 0007603 _____ () C:\Users\Nomi\AppData\Local\Resmon.ResmonCfg
2013-12-28 21:12 - 2014-01-15 21:16 - 0000003 _____ () C:\Users\Nomi\AppData\Local\user_data.ini
2014-12-08 23:05 - 2014-12-08 23:05 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat
Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat
Some files in TEMP:
====================
C:\Users\Nomi\AppData\Local\Temp\Quarantine.exe
C:\Users\Nomi\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-10 11:19
==================== End of log ============================