
Virus, DNS... ? Commercials everywhere (blocking coop?)


  • This topic is locked
23 replies to this topic

#1 Kingwolf85

Kingwolf85

  • Members
  • 63 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 30 October 2015 - 08:01 PM

Hello.

 

For some weeks I have had this DNS software on my PC. Now each time I enter a password, on GMX or Facebook, a new site opens with commercials, sometimes with very strange things too. A friend and I have been trying for 5 hours to set up the PC to play Far Cry 4 in co-op mode. Until now we have failed; we read that we need to open some ports, and we also tried some other things, everything we found on the Internet. Now my last thought is that maybe the "virus" broke it. Hopefully you can help me here again to clean my PC.

 

thx a lot

 

Kingwolf

 

Well, for sure the first step will be a scan or so? I will wait for instructions to be sure. ^^ Thx a lot for your work and time.




 


#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  • Gender:Male
  • Location:BC, Canada
  • Local time:02:58 PM

Posted 01 November 2015 - 11:03 PM

Hi Kingwolf85,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's get started....


Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Only one of these files will run on your system; that will be the correct file to use. You can delete the other file.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Please allow it to do this.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#3 Kingwolf85

Kingwolf85
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 02 November 2015 - 07:51 PM

Hi dbrisendine.

 

Thanks a lot for your time and help. My English is not the best, but I will try my best.

 

"Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop." That worked, the two Logs are here:

 

 

FRST Log:

 

 

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
durchgeführt von Kingwolf (Administrator) auf KINGWOLF-PC (03-11-2015 01:36:38)
Gestartet von C:\Users\Kingwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21M3ZDR2
Geladene Profile: Kingwolf (Verfügbare Profile: Kingwolf & King)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Kingwolf\AppData\Local\Akamai\netsession_win.exe
(Happy Dude) C:\Program Files (x86)\ZMatrix\matrix.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Kingwolf\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Inc.) D:\Acrobat Pro 8.0 Bilderbearbeitung\Acrobat\acrotray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Acrobat Pro 8.0 Bilderbearbeitung\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Run: [SaitekInstall] => "C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers\00000000\setup.exe" -S3 -R -WEB <===== ACHTUNG
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kingwolf\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: J - J:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {6d95f049-25fe-11e2-ac59-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {7a676c87-2b3a-11e2-bc59-10bf4875507d} - I:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {7ccefa40-6eb6-11e4-ab24-806e6f6e6963} - J:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {eece1ec0-a65a-11e3-83c9-806e6f6e6963} - I:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {f7ac00ed-1478-11e2-b279-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\Users\Kingwolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2013-04-14]
Startup: C:\Users\Kingwolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk [2012-11-03]
ShortcutTarget: ZMatrix.lnk -> C:\Program Files (x86)\ZMatrix\matrix.exe (Happy Dude)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
CHR HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{A7AD9D52-040E-4D0F-A997-04AE7BF7522F}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-30] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-30] (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Kingwolf\AppData\Roaming\Mozilla\Firefox\Profiles\y69cy8kp.default-1443479640035
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1523712201-1305090177-3489278899-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-10-30] ()
FF Extension: Mini - Adblocker - C:\Users\Kingwolf\AppData\Roaming\Mozilla\Firefox\Profiles\y69cy8kp.default-1443479640035\Extensions\nycmyyuseafcp_lpp@sgcmzsa_ot_whe.org [2015-10-05] [ist nicht signiert]

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR Profile: C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Docs) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Drive) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (YouTube) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-05]
CHR Extension: (Google-Suche) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-05]
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2015-08-06]
CHR Extension: (Screen capture) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\egggddlphjgblkkokllcobdpjhnaphgn [2015-08-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Tabellen) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf [2015-07-17]
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk [2015-07-27]
CHR Extension: (Google Mail) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-12] (EasyAntiCheat Ltd)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-09-21] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
S3 Origin Client Service; D:\Origin\BF3\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-15] ()
R2 Sweet Welcome; C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe [8016440 2015-07-12] () [Datei ist nicht signiert] <==== ACHTUNG
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-03-01] (Emsisoft GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-11-18] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-01] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-11-18] ()
R3 SaiK1713; C:\Windows\System32\DRIVERS\SaiK1713.sys [180544 2012-09-20] (Saitek)
S3 SaiK2237; C:\Windows\System32\DRIVERS\SaiK2237.sys [181024 2013-01-19] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1713; C:\Windows\System32\DRIVERS\SaiU1713.sys [47168 2012-09-20] (Saitek)
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [79800 2012-06-19] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-11-18] (Duplex Secure Ltd.)
U3 anorx97n; C:\Windows\System32\Drivers\anorx97n.sys [0 ] (Microsoft Corporation) <==== ACHTUNG (Null Byte Datei/Ordner)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-31 14:30 - 2015-10-31 14:30 - 00000927 _____ C:\Users\Kingwolf\Desktop\Steam.lnk
2015-10-30 01:11 - 2015-10-30 01:12 - 00001125 _____ C:\Users\Kingwolf\Desktop\FarCry4 - Verknüpfung.lnk
2015-10-30 00:34 - 2015-10-30 00:35 - 00000049 _____ C:\Users\Kingwolf\Desktop\Neues Textdokument (2).txt
2015-10-27 20:26 - 2015-10-27 20:26 - 00000104 _____ C:\Users\Public\Desktop\FarCry 4.url
2015-10-22 21:17 - 2015-10-22 23:43 - 00000233 _____ C:\Users\Kingwolf\Desktop\Neues Textdokument.txt
2015-10-16 17:47 - 2015-10-16 17:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-16 17:47 - 2015-10-16 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-15 16:11 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:11 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 16:11 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 16:11 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 16:11 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 16:11 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 16:11 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 23:24 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 23:24 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 23:24 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 23:24 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 23:24 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 23:24 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 23:24 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 23:24 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 23:24 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 23:24 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 23:24 - 2015-09-18 20:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 23:24 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 23:24 - 2015-09-16 05:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 23:24 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 23:24 - 2015-09-16 05:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 23:24 - 2015-09-16 05:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 23:24 - 2015-09-16 05:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 23:24 - 2015-09-16 05:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 23:24 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 23:24 - 2015-09-16 05:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 23:24 - 2015-09-16 05:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 23:24 - 2015-09-16 05:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 23:24 - 2015-09-16 05:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 23:24 - 2015-09-16 05:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 23:24 - 2015-09-16 05:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 23:24 - 2015-09-16 05:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 23:24 - 2015-09-16 05:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 23:24 - 2015-09-16 05:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 23:24 - 2015-09-16 05:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 23:24 - 2015-09-16 05:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 23:24 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 23:24 - 2015-09-16 04:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 23:24 - 2015-09-16 04:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 23:24 - 2015-09-16 04:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 23:24 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 23:24 - 2015-09-16 04:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 23:24 - 2015-09-16 04:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 23:24 - 2015-09-16 04:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 23:24 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 23:24 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 23:24 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 23:24 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 23:24 - 2015-09-16 04:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 23:24 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 23:24 - 2015-09-16 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 23:24 - 2015-09-16 04:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 23:24 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 23:24 - 2015-09-16 04:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 23:24 - 2015-09-16 04:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 23:24 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 23:24 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 23:24 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 23:24 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 23:24 - 2015-09-16 04:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 23:24 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 23:24 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 23:24 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 23:24 - 2015-09-16 04:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 23:24 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 23:24 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 23:24 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 23:24 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 23:24 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 23:24 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 23:24 - 2015-09-16 03:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 23:24 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 23:24 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 23:24 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 23:24 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 23:24 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 23:24 - 2015-09-16 03:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 23:24 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 23:24 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 23:24 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 23:24 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 23:24 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 23:24 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 23:24 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 23:23 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 23:23 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 23:23 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 23:23 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 23:23 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 23:23 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 23:23 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 23:23 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 23:23 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 23:23 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 23:23 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 23:23 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 23:23 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 23:23 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 23:23 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 23:23 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 23:23 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 23:23 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 23:23 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 23:23 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 23:23 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 23:23 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 23:23 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 23:23 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 23:23 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 23:23 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 23:23 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 23:23 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 23:23 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 23:23 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 23:23 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 23:23 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 23:23 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 23:23 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 23:23 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 23:23 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 23:23 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 23:23 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 23:23 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 23:23 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 23:23 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 23:23 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 23:23 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 23:23 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 23:23 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 23:23 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 23:23 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 23:23 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 23:23 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 23:23 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 23:23 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 23:23 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 23:23 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 23:23 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 23:23 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 23:23 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 23:23 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-05 22:59 - 2015-10-05 22:59 - 00000222 _____ C:\Users\Kingwolf\Desktop\Saints Row IV.url

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-03 01:36 - 2014-11-15 15:04 - 00000000 ____D C:\FRST
2015-11-03 01:32 - 2015-08-20 16:10 - 00000346 _____ C:\Windows\Tasks\Superclean.job
2015-11-03 01:21 - 2012-11-05 19:19 - 00000000 ____D C:\Users\Kingwolf\AppData\Roaming\TS3Client
2015-11-02 23:25 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 23:25 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 23:20 - 2012-11-05 20:19 - 00000000 ____D C:\Users\Kingwolf\AppData\Local\CrashDumps
2015-11-02 23:16 - 2011-04-12 08:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-11-02 23:16 - 2011-04-12 08:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-11-02 23:16 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 23:13 - 2012-10-12 15:33 - 01849478 _____ C:\Windows\WindowsUpdate.log
2015-11-02 23:11 - 2009-07-14 05:51 - 00323652 _____ C:\Windows\setupact.log
2015-11-02 23:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-02 10:45 - 2015-07-27 00:00 - 00000000 ____D C:\Users\Kingwolf\AppData\Local\Glyph
2015-11-02 09:18 - 2015-07-27 00:00 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-11-02 02:34 - 2012-12-25 03:00 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-31 14:31 - 2015-04-22 00:31 - 00000080 _____ C:\Users\Kingwolf\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-10-31 01:34 - 2014-01-27 16:09 - 00000000 ____D C:\Users\Kingwolf\AppData\Local\Battle.net
2015-10-31 01:04 - 2014-01-27 16:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-31 00:42 - 2009-07-14 03:34 - 00000019 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-10-30 00:22 - 2012-11-05 15:43 - 00000000 ____D C:\Users\Kingwolf\AppData\Roaming\Skype
2015-10-30 00:21 - 2012-10-13 14:40 - 00278642 _____ C:\Windows\DirectX.log
2015-10-27 21:00 - 2014-02-05 19:47 - 00000000 ____D C:\Users\Kingwolf\Documents\My Games
2015-10-27 20:27 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-23 15:53 - 2015-06-20 10:25 - 00000000 ____D C:\Users\Kingwolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-10-21 01:19 - 2013-06-18 18:42 - 00000000 ____D C:\Users\Kingwolf\AppData\Roaming\vlc
2015-10-20 19:25 - 2015-04-22 00:31 - 00000000 ____D C:\Program Files\Rockstar Games
2015-10-20 19:25 - 2015-04-22 00:31 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-10-16 17:47 - 2012-11-05 15:43 - 00000000 ____D C:\ProgramData\Skype
2015-10-15 23:28 - 2014-12-10 22:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 23:28 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\Screen capture
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\DowwnSave
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\DownSiavE
2015-10-14 15:31 - 2015-08-06 18:43 - 00000000 ____D C:\ProgramData\akdlnnllnidjgehpdomhnfbogaffnpao
2015-10-14 15:31 - 2015-08-06 04:23 - 00000000 ____D C:\Program Files (x86)\NEToCouopon
2015-10-14 15:31 - 2015-08-06 04:23 - 00000000 ____D C:\Program Files (x86)\CCTV View
2015-10-14 15:31 - 2015-07-27 06:41 - 00000000 ____D C:\ProgramData\agijbhikjhemlghklklmhakielodelep
2015-10-14 15:31 - 2015-07-17 08:12 - 00000000 ____D C:\ProgramData\efbfhjpfmdhdgadlnmhcgeaiidmdokem
2015-10-14 15:31 - 2015-06-25 02:34 - 00000000 ____D C:\Program Files (x86)\EnjooyCoupon
2015-10-14 15:31 - 2015-06-08 10:37 - 00000000 ____D C:\Program Files (x86)\DiGiCoupon
2015-10-14 15:31 - 2015-06-01 23:03 - 00000000 ____D C:\Program Files (x86)\Video Resumer
2015-10-14 15:31 - 2015-06-01 23:03 - 00000000 ____D C:\Program Files (x86)\PriceMiNuus
2015-10-14 07:53 - 2013-07-17 23:14 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 02:46 - 2015-02-18 19:56 - 00000000 ____D C:\Windows\rescache
2015-10-14 02:05 - 2015-08-22 03:49 - 00000000 ____D C:\Program Files (x86)\LibraryModule
2015-10-14 02:05 - 2015-07-25 10:01 - 00000000 ____D C:\Program Files (x86)\Irate Woman
2015-10-14 02:02 - 2013-05-01 01:34 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-10 20:32 - 2014-11-11 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-08 21:17 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 16:50 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-05 20:09 - 2015-07-27 00:07 - 00000000 ____D C:\Users\Kingwolf\AppData\Roaming\Trove

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-06-08 02:17 - 2015-08-13 09:22 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-05 13:46 - 2015-07-05 13:46 - 0000020 _____ () C:\Users\Kingwolf\AppData\Roaming\appdataFr2.bin
2013-10-21 16:58 - 2013-10-21 16:58 - 0045270 _____ () C:\Users\Kingwolf\AppData\Roaming\room_v3.dat
2013-12-22 01:24 - 2014-09-27 07:44 - 0000177 _____ () C:\Users\Kingwolf\AppData\Roaming\WB.CFG
2013-09-27 21:04 - 2013-09-27 21:04 - 0001480 _____ () C:\Users\Kingwolf\AppData\Local\recently-used.xbel
2014-05-07 12:44 - 2014-05-07 12:44 - 0000000 _____ () C:\Users\Kingwolf\AppData\Local\{A78F4EC5-E475-4C0A-AF92-AC8FD712280B}

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Kingwolf\FRST64.exe

Einige Dateien in TEMP:
====================
C:\Users\Kingwolf\AppData\Local\Temp\6086.exe
C:\Users\Kingwolf\AppData\Local\Temp\6299.exe
C:\Users\Kingwolf\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\setacl.exe
C:\Users\Kingwolf\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-02 09:02

==================== Ende von FRST.txt ============================

Addition Log:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von Kingwolf (2015-11-03 01:36:52)
Gestartet von C:\Users\Kingwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21M3ZDR2
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-12 14:35:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1523712201-1305090177-3489278899-500 - Administrator - Disabled)
Gast (S-1-5-21-1523712201-1305090177-3489278899-501 - Limited - Enabled)
King (S-1-5-21-1523712201-1305090177-3489278899-1001 - Administrator - Enabled) => C:\Users\King
Kingwolf (S-1-5-21-1523712201-1305090177-3489278899-1000 - Administrator - Enabled) => C:\Users\Kingwolf

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

205e8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )
Activision® (x32 Version: 1.00.0000 - Activision) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Blur™ (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation)
M.M.O.7 Update Tool (HKLM-x32\...\{24521E5B-24F2-4E84-AA44-8D1BB13140E2}) (Version: 1.1.1 - Mad Catz)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4518 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steamless Left4Dead2 Pack (HKLM-x32\...\Steamless Left4Dead2 Pack) (Version: 1.0 - Steamless)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version:  - Trion Worlds, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Warcraft III) (Version:  - )
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
ZMatrix 1.5.2 (HKLM-x32\...\ZMatrix_is1) (Version: 1.5.2 - Happy Dude)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1523712201-1305090177-3489278899-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kingwolf\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei

==================== Wiederherstellungspunkte =========================

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

#       ::1             localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {6706F7A8-2D06-4F81-AC4A-62DBF616FD4F} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ACHTUNG
Task: {6FC8333B-A914-4A7A-8377-BD398E8D1D1B} - System32\Tasks\{B8729EB9-E097-4F7B-9753-DB47311E7E9F} => D:\RC2\rct2.exe
Task: {6FCA9306-FF04-405A-83A8-239FB04F1202} - System32\Tasks\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F} => pcalua.exe -a D:\spore\SPORESetup.exe -d D:\spore
Task: {72E0CEAB-F62A-4BC6-8E10-B4BDDD392040} - System32\Tasks\{D0D7FA90-F11A-48F8-9EAF-1BA33FA8236D} => D:\civ2\SETUP.EXE
Task: {7A646E87-AF01-4FB3-8B23-5BC1F7F7C83E} - System32\Tasks\{CD590DFA-D737-44D7-9039-A4B44FDBE67F} => D:\RC2\rct2.exe
Task: {7C5445E0-087B-4DFC-ACC8-FC30494B23D6} - System32\Tasks\{AA63016E-C7D3-429C-9599-E637C83259AA} => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe [2015-10-30] (Ubisoft)
Task: {97012B73-D001-4AE1-A593-8142CF1FC8E1} - System32\Tasks\{D9698921-E0FE-44E4-98E6-82D017556879} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {B14A7B84-E562-4800-9827-8D297440D2FD} - System32\Tasks\{EA7BF406-6AE2-4618-B719-1864E740DF53} => C:\Program Files (x86)\Alien Shooter 2\Run\AlienShooter2.exe
Task: {C74BCA8B-1DD9-4656-87D0-5F6A49663305} - System32\Tasks\Superclean => c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe [2014-09-01] (Super PC Tools Ltd) <==== ACHTUNG
Task: {CD36DF2C-3D58-4FA4-9AE1-E610255FB7D0} - System32\Tasks\{E41DE56E-4C2B-431D-B52D-763F4C931361} => pcalua.exe -a "C:\LAN 07.03.14\CS-Lan\CS16FULL_V7.EXE" -d "C:\LAN 07.03.14\CS-Lan"
Task: {CE4F6821-7033-48C0-81C4-2C3CC3BDD0FE} - System32\Tasks\DRIVERfighter Auto Start => C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe
Task: {D7CC25CB-0B06-4BCF-9FB8-D83EAEC96AAD} - System32\Tasks\{C0655F15-26B2-4648-91BA-EA6600777F64} => D:\RC2\rct2.exe
Task: {E6DC212D-E19D-4514-8CF4-2509995DC57E} - System32\Tasks\{D5636034-A40B-4834-A4F1-A3685D5EDF29} => D:\RC2\rct2.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe <==== ACHTUNG

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-09-15 17:58 - 2015-09-15 19:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-12 16:11 - 2015-07-12 16:11 - 08016440 _____ () C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-16 02:25 - 2014-10-16 02:25 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-11-03 22:34 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-11-03 22:32 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-10-29 11:08 - 2013-11-07 19:11 - 00230376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2012-10-29 11:08 - 2013-11-07 19:11 - 00237032 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2012-10-29 11:08 - 2013-11-07 19:11 - 00431080 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-11-07 19:11 - 2013-11-07 19:11 - 00555496 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\aeriagames.com -> hxxp://aeriagames.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kingwolf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{1639A9FE-77C6-4E74-85F7-AD32E145C5C7}C:\program files (x86)\lineage ii\lineageii.exe] => (Allow) C:\program files (x86)\lineage ii\lineageii.exe
FirewallRules: [UDP Query User{1F77ECDB-994B-43E5-81D1-A0700755E640}C:\program files (x86)\lineage ii\lineageii.exe] => (Allow) C:\program files (x86)\lineage ii\lineageii.exe
FirewallRules: [TCP Query User{F9FB582C-8337-4A67-929D-C9E4900C2878}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{953E4A96-549B-4846-B73E-4D50FFBA4C4B}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{09D49150-B87D-4577-A115-2E1D255CDE40}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{AEBD3699-C4C2-4537-BE32-543F43FE2F21}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F5A9D203-64BF-4224-AD31-1F4F9A2BB380}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3A7D1BB-6685-4F88-8D73-751314718971}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB5E4591-2F30-49F1-859B-08D82C463799}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{D496003A-9AD9-4EFE-B4AF-F4230AC865EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{A2AF1C90-4982-446F-8B96-7FF66D3A0733}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A25B589F-89FA-4695-8A65-36D94984F8CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [TCP Query User{B1EC2D0E-6559-41C6-B8B2-A458C556FDF2}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{4E803F3E-7B9C-4326-B2CC-419AF8248124}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{E3C4FD40-1DF8-4E26-97F2-4E19F704A8F3}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{50D31D63-E774-41B0-B378-43A88D2C5C9D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{544A66D5-3473-4D52-AAE5-73D1A9B80603}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{4783F181-F941-4C35-864D-1A751BD14131}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [TCP Query User{7FEB0FE7-9E51-4033-BE5A-47FD5878CDEF}C:\users\kingwolf\videos\kknd_xtreme\kknd.exe] => (Allow) C:\users\kingwolf\videos\kknd_xtreme\kknd.exe
FirewallRules: [UDP Query User{EC21DFC6-EDB5-4994-89F3-8A2066D1ECF4}C:\users\kingwolf\videos\kknd_xtreme\kknd.exe] => (Allow) C:\users\kingwolf\videos\kknd_xtreme\kknd.exe
FirewallRules: [{881CF65D-F8AB-40A4-84A0-9E3A16B23A69}] => (Allow) %ProgramFiles% (x86)\Warcraft III\Frozen Throne.exe
FirewallRules: [TCP Query User{2B67C86A-515B-457C-A841-113D88CC43E2}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A177802C-AD90-43E7-8BFA-EBC0F2DCDA92}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{C4892B9C-3A44-40B5-B668-86829C003A71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{DDFF3FEC-F651-43E6-999D-F7069C721D54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [TCP Query User{791A41A2-EB38-4816-A7FA-56761E3B0ECE}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{248F67C9-FC4E-4C20-AB74-5EBCCF496375}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{A1013D48-1D48-4522-8211-A01C7695F01D}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{418DE198-75EA-46C2-902F-68BEE158537C}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{207B8AE5-8E4E-4B45-B303-C2FF6A6920A0}D:\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{0144765E-B3B2-4F20-9AC0-C7B3C2A7CA90}D:\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{4CEF103E-1758-46BF-B313-D90CBD515E4E}D:\tera\tera-launcher.exe] => (Allow) D:\tera\tera-launcher.exe
FirewallRules: [UDP Query User{C13AAD9A-3EA1-4409-A5CD-91C26B974FA0}D:\tera\tera-launcher.exe] => (Allow) D:\tera\tera-launcher.exe
FirewallRules: [TCP Query User{A85E36F8-C738-4480-B6D0-6E6DCD387019}C:\users\kingwolf\appdata\local\temp\gw2.exe] => (Allow) C:\users\kingwolf\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{4A1826E2-3BFF-4620-AA68-7BF33B3F9882}C:\users\kingwolf\appdata\local\temp\gw2.exe] => (Allow) C:\users\kingwolf\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{E93B8A80-8FE5-4D39-B1B7-73175C4A2375}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{EA31DA8E-C4DB-4CF9-B8E0-7E78EDD3145A}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [{D41FFACF-5C01-40F9-9FB3-0C32F4F57927}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{8CA77349-0DEE-497D-B186-3C5CFE342689}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{A994BAC5-9258-4132-91AE-9A7A479585B4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{8811C446-AEE5-411F-938A-F076C5DA3E41}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{81E840DE-FBCB-4D98-B13D-13A00A73F468}C:\program files\lan\left4dead2.exe] => (Block) C:\program files\lan\left4dead2.exe
FirewallRules: [UDP Query User{825AB973-1A09-4B56-ACF9-7BB4BCEB03FB}C:\program files\lan\left4dead2.exe] => (Block) C:\program files\lan\left4dead2.exe
FirewallRules: [TCP Query User{134CDF02-147F-42EF-BBF9-4039C4F64668}C:\program files (x86)\unreal tournament 2004\system\ut2004.exe] => (Allow) C:\program files (x86)\unreal tournament 2004\system\ut2004.exe
FirewallRules: [UDP Query User{BAEB1CDF-CE2C-415F-8B52-F92003988399}C:\program files (x86)\unreal tournament 2004\system\ut2004.exe] => (Allow) C:\program files (x86)\unreal tournament 2004\system\ut2004.exe
FirewallRules: [TCP Query User{402E5B93-6744-4E21-BC23-8CB6BF9A090C}D:\counter-strike source\hl2.exe] => (Allow) D:\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{531B229A-ABCE-4C8A-BD25-94EE5D9A8F7F}D:\counter-strike source\hl2.exe] => (Allow) D:\counter-strike source\hl2.exe
FirewallRules: [{D2930AC2-75C8-4246-BF16-3315FBD83386}] => (Allow) LPort=6112
FirewallRules: [{A1C74A6A-91F9-4DDB-8147-D5B8799F2588}] => (Allow) LPort=6112
FirewallRules: [{A2FE369C-0ABB-4DE7-AA30-501509E6272E}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{22A95795-2818-4D5A-BE2E-0169E24407AD}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{D145E86A-39DC-4798-A6C9-DE77B8BD023F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{162D8F06-4A4D-4442-A86D-0CE60A52A601}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F87489DE-7E8E-4026-BCB9-D1B71FEC0E3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F908C11B-90BE-4057-B0AE-FE9F36DD75FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E1A6A01F-B5A2-4103-BB62-2C3E1E2ACD5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D74C1126-732C-4BEC-A831-F0481230344E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{25581BC8-711D-4538-B3A1-CDE67B3496F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{75D7D17A-83D1-44E4-8A12-EAF7FF33AA8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{A23C2690-3EAD-4DD8-AB75-763F3062DC10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6463CC55-E3E7-46DB-9F74-24DEA367864E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F254C29C-4EA7-4000-A030-64C630ABC044}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{70598F1B-5F74-4151-934C-87753E8DA066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{93495DB6-EB9F-40DF-BB1B-646B467DDDCE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{410074A9-F47F-4380-846D-2DB6C7565725}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BF4883CF-CC3C-4974-ABC3-B07F0562B64C}] => (Allow) D:\FEAR3\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{A121E868-32F9-46E4-A23C-8AD624655DE8}] => (Allow) D:\FEAR3\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{E7E19F42-5DFE-47B7-A11E-CC135472A2A9}] => (Allow) D:\FEAR3\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{1AE7AC4A-9512-4197-B4CE-C0B1AF14520E}] => (Allow) D:\FEAR3\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{E520583F-1A5B-4903-B722-81AEFE32E9C6}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{4D3260A0-EBBB-429C-98B1-BDC3171C600D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{268A3664-9F4A-4BFC-8B50-E0A48DBD3635}] => (Allow) C:\Program Files (x86)\EA GAMES\BF2\BF2.exe
FirewallRules: [{6ABE3F66-9939-4DF2-97FE-EC55E2F15A71}] => (Allow) C:\Program Files (x86)\EA GAMES\BF2\BF2.exe
FirewallRules: [{E0790148-FC69-4480-97F4-616E67687D8F}] => (Allow) D:\SWAT4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{D158D111-754C-4847-BFBD-5C7B74A4DFDB}] => (Allow) D:\SWAT4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{09CD40C6-FC66-49CC-B1DF-21D82CB99103}] => (Allow) D:\SWAT4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{57FF7618-D424-4E5C-A6A4-4216772790B3}] => (Allow) D:\SWAT4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{C9541F0C-409B-4A99-AD07-7271B13FC37E}] => (Allow) D:\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{B84F65B3-D0DB-4A1C-91A4-E3E2D84A2779}] => (Allow) D:\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{C64FB854-3518-4531-B55F-34C6D41A36C5}] => (Allow) D:\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{67B6393C-528D-44BD-9DA7-C68C0C575FE5}] => (Allow) D:\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{3A1FBE4E-2793-401A-8431-0A4D93C897AB}] => (Allow) C:\Users\Kingwolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E2A0A15D-B5B0-49C3-BBD3-896A1F68B4AF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1562AF8D-3FD8-4950-B4EA-556A50F9926C}] => (Allow) LPort=2869
FirewallRules: [{D09FD313-39C7-4938-94EA-38C172AC2B00}] => (Allow) LPort=1900
FirewallRules: [{D6641A9A-4933-4C58-AEBA-196B2A3E2CCE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A31AB5C2-8F5C-4AB8-96A8-9F35AE538945}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8232161-C5B9-49F7-89C1-244AD7DADB52}] => (Allow) D:\Terraria\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{78F41378-FA3E-4360-8E4F-130940DF5097}] => (Allow) D:\Terraria\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{40FF475D-0F13-4441-BD84-663D86EE8976}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0848494-8F84-40F1-B34F-462D719B2181}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{162EA60D-1709-45FA-9A7C-FD8F9CFE7AE6}] => (Allow) D:\Terraria\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{C44FF57E-DBC3-48AC-959B-61D3A7523E87}] => (Allow) D:\Terraria\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{D3CD72D8-B3FD-4279-B4A4-05DC75133FA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{CF5CEDE0-191F-4DB7-9D03-6A54AFEDD3F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{7368F036-1064-47EF-BE24-6CF2E454E5E3}D:\d3\diablo iii\diablo iii.exe] => (Allow) D:\d3\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{27D3B1BA-3115-432B-A7BB-4516E13E56E5}D:\d3\diablo iii\diablo iii.exe] => (Allow) D:\d3\diablo iii\diablo iii.exe
FirewallRules: [{99154547-F85B-44A2-B86D-AE06980125FC}] => (Allow) D:\Terraria\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{10F855C5-31DD-4910-8F84-BA556F9E9968}] => (Allow) D:\Terraria\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{022F39FF-5D30-47FF-9F0E-A78EF89C5817}] => (Allow) D:\LANNNNN\BLUR\Blur.exe
FirewallRules: [{84207448-3CE4-43BF-9CB6-32D33E440947}] => (Allow) D:\LANNNNN\BLUR\Blur.exe
FirewallRules: [{58D2202B-A2E7-470B-B922-9B38B29491F4}] => (Allow) D:\LANNNNN\Swat4\Swat4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{5C2A92ED-52BB-4ECC-81F5-6AF55D42DB43}] => (Allow) D:\LANNNNN\Swat4\Swat4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{B757F53F-8A61-43C7-91B4-9F540B138AB6}] => (Allow) D:\LANNNNN\Swat4\Swat4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{B4A696A3-68E2-4BFA-A158-D69E1CCA6603}] => (Allow) D:\LANNNNN\Swat4\Swat4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{8F4BF16D-2AEC-4B96-8F3D-3EFA89278FA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{A95447E0-66A9-4D78-AC31-C5ABDC062370}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{02B2B84E-80A7-4E2A-94DF-E8E0278B2528}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{006C5FFF-484E-4C0E-8FEC-B4FC04253545}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C989AE67-CE88-4FF0-88ED-654CF3D8862E}] => (Allow) D:\Far Cry 3\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{146F92A7-8674-4BE1-9E5F-ECDDEBF8DED3}] => (Allow) D:\Far Cry 3\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{C13D6A9D-BB49-4E09-BA26-225FDA429D2B}] => (Allow) D:\Far Cry 3\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{BE838CB3-6EFE-487A-A6C8-8978F26013EF}] => (Allow) D:\Far Cry 3\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [TCP Query User{7B13BDFB-457B-4A0C-802E-F483D9F764E7}C:\program files (x86)\3do\heroes 3 complete\heroes3.exe] => (Allow) C:\program files (x86)\3do\heroes 3 complete\heroes3.exe
FirewallRules: [UDP Query User{DF59F7B3-A4F8-4DAD-A7DE-180ADDAB3552}C:\program files (x86)\3do\heroes 3 complete\heroes3.exe] => (Allow) C:\program files (x86)\3do\heroes 3 complete\heroes3.exe
FirewallRules: [TCP Query User{72A09B02-8920-4B9E-900B-7C662C4513AF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C9666684-F183-4E03-8977-B00D68B89CA3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{41DB221E-C3F0-41B0-86A4-707C212620C5}] => (Allow) LPort=27015
FirewallRules: [{B1DF9552-6DB6-4242-9DD3-5CCFFCF73AA4}] => (Allow) LPort=27015
FirewallRules: [{4D0658DE-0AE6-4281-9241-FB94BFDD0398}] => (Allow) D:\Far Cry 3\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{D064E331-9D91-4C45-B553-D9C5C890B58A}] => (Allow) D:\Far Cry 3\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{5518BD0B-299A-475B-A344-ACFB5638081F}] => (Allow) D:\Far Cry 3\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{55AA1EA4-39BA-4C0E-A426-C1A1E2EB9CA5}] => (Allow) D:\Far Cry 3\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{CF6FE127-27C7-4A9F-BFA1-8286CF588E93}] => (Allow) D:\Far Cry 3\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{531FAA8E-D1E6-406B-9E3C-33ED57E05EC3}] => (Allow) D:\Far Cry 3\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{A1AFAA9E-C665-4E51-BF50-F44DA7BEFE23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{90EFE229-418C-4393-9FFF-B9F2919ADADD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{AECEBB4E-E949-4797-A42B-ED758FB7215E}] => (Allow) D:\Far Cry 3\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{BDE980C9-5669-45D4-9760-21A68178DE82}] => (Allow) D:\Far Cry 3\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{9680D381-56BB-4997-923E-C860F747B04D}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Block) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{11C592D5-2443-4C5A-90B6-5AF0C873210A}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Block) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{5CC8A247-888A-4C1C-B567-7CCF2ABAEA44}D:\d3\hearthstone\hearthstone.exe] => (Allow) D:\d3\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{74C60EF9-9977-493F-B86D-C9E0FAB1C9B2}D:\d3\hearthstone\hearthstone.exe] => (Allow) D:\d3\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{9283F5DC-7DBD-4852-9D00-FCB50363DF3B}D:\d3\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{41C55458-114D-469B-817E-E91A93A53C68}D:\d3\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7F014473-629A-435F-BDC2-A55B0C3A0E5F}D:\gta5\gta5\gta5.exe] => (Allow) D:\gta5\gta5\gta5.exe
FirewallRules: [UDP Query User{B7C1B2D2-BBEC-4877-924C-B95BAD0C7164}D:\gta5\gta5\gta5.exe] => (Allow) D:\gta5\gta5\gta5.exe
FirewallRules: [TCP Query User{B8399403-6690-4680-8CA9-20B1BC68EACD}C:\users\kingwolf\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kingwolf\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{648413D1-D70F-4EAB-8DA4-8ACB33EEE21F}C:\users\kingwolf\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kingwolf\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BDB203C0-F4B3-47B8-A137-3A12F40243B3}] => (Allow) D:\AuraKingdom\AuraKingdom\AuraKingdom-DE\game.bin
FirewallRules: [{99C68FC3-5A23-43ED-927F-B9FD50D22859}] => (Allow) D:\AuraKingdom\AuraKingdom\AuraKingdom-DE\game.bin
FirewallRules: [TCP Query User{B8589EB8-2213-405F-9ECE-AA5044E85209}D:\d3\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0D7DD3C3-C52B-42E9-905F-AEBCA12B6AC5}D:\d3\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{027820FA-FA3F-4E7F-B4E0-4C804B068CAB}] => (Allow) D:\D3\StarCraft II\StarCraft II.exe
FirewallRules: [{CE2C862C-8D56-4D7A-A6B5-B017B1FF2F80}] => (Allow) D:\D3\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{F3D45856-7C57-4770-AD19-6EBDC20C6C07}D:\d3\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\d3\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{BB4F8A24-6722-4223-88B4-481ECC3B17DF}D:\d3\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\d3\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{20069A2D-4F51-4AE4-B96D-478CAA0BD508}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA9DD81D-673A-45E6-B3DF-E07788159701}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D9CDF61D-1A6B-4668-B9D1-6EFDCB37C02A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D0FE884D-B942-42EC-ABDB-17260BC88619}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5631C978-2008-4800-AC20-25F53C0561E8}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1EEFDD9-36F3-4B18-8447-EFF80A93CC17}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A1F9E37F-E517-4844-B12E-80AD534478AB}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{121F686C-7C2B-48BD-A834-783E30F5D50B}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4E6350FA-7C42-4391-B894-6C8314A69C62}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{4908F204-408C-4791-BF7C-67590C1B855D}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{5982EBA0-58FB-4F85-B44C-F88C3576DA5D}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F79113F8-540F-4680-B295-BA0B14D6A347}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E7CBD2EB-FD50-4A24-87C2-75AAF362DA37}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{22EC4378-AADD-4960-9278-3D1D2F266569}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BBDB0DD5-AF6A-417B-9F7C-256B201BA746}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{5D66EB77-36A6-4E02-A48F-AD2365558C25}] => (Allow) D:\Far Cry 3\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{32B65704-6229-428E-880A-6F9F32B2F293}D:\d3\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A9B967FE-D6AF-498B-85FF-6CD8874E21E6}D:\d3\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A62A0942-51B0-4A22-8835-DE132DC19DC0}D:\d3\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{31332BD5-69B1-4BE2-836F-82B168A77437}D:\d3\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E89954D8-E56C-4E7C-B1D4-DEE796B08348}D:\d3\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6E35B7D0-AC81-49D1-9515-BC4CB57EE2D1}D:\d3\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9F7B6173-82BA-4585-8AB3-30007BA62859}D:\d3\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4CC0F121-1766-4E91-8283-3C4458EB0231}D:\d3\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [{8D861EEC-D221-4568-A8FC-6497C1FBF495}] => (Allow) D:\Far Cry 3\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{581C928D-C117-4636-A373-44362EFD6BBE}] => (Allow) D:\Far Cry 3\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{82BFA57F-B408-4F2F-8B46-E27720BD182A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FE24AE1F-7CFB-4D56-B2E3-CA2FBBA14D70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2F9C6557-8003-4844-87FC-7A5E1B54D9E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BD24F2D6-2A44-4B47-B89A-7A27FA8EF9AC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{09347612-272B-4633-A3FF-E52DE9CBBA3F}] => (Allow) D:\BF3\Battlefield 3\bf3.exe
FirewallRules: [{92B627B5-1B56-4A8C-BFED-85FF0D787FFC}] => (Allow) D:\BF3\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{63F4900B-0A5B-4F70-8109-4409ED86E776}D:\d3\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{18D1417A-AAEA-41F0-BFCE-64B4969BF8BF}D:\d3\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [{174DD417-020B-4B07-A5F1-3BF8AE253392}] => (Allow) D:\Far Cry 3\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{FAABBF0B-EF0A-4023-9F29-4A9CAAA075C8}] => (Allow) D:\Far Cry 3\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [TCP Query User{28CF9AD4-1E18-4B6E-B14B-3744079AB9D2}D:\d3\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2DAEB005-8156-4DCD-9B63-DFEB6ACFAD0B}D:\d3\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4B430D10-FEB8-4381-A0AD-84C360AA0FCC}D:\d3\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A9731827-8775-41FB-B260-DFF96C98E0CB}D:\d3\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{41471B16-CB4A-4F24-BF75-612A05C6D843}D:\d3\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7AC16C47-5161-4F1F-8463-94F2E3B25A92}D:\d3\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C835E52B-4EAF-4A3D-8507-F76176F44C94}D:\d3\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3A246EE5-53BF-4C19-8739-C75BE8F525E9}D:\d3\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\d3\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{D6803769-3705-4B83-AAA6-441102AD30DD}] => (Allow) D:\FarCry 4\FarCry 4\bin\FarCry4.exe
FirewallRules: [{97CD1F70-CFBA-4A55-AB20-0206FDFEBF87}] => (Allow) D:\FarCry 4\FarCry 4\bin\FarCry4.exe
FirewallRules: [{73725A93-B3C6-450D-94F4-EAD162CE4E39}] => (Allow) D:\FarCry 4\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{BAC1B81B-5C6D-45B4-80D3-307E5B13BB9F}] => (Allow) D:\FarCry 4\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{5F77AB1C-432C-450D-91AC-4B618E6AA8DF}] => (Allow) LPort=80
FirewallRules: [{D99F187F-5DF2-4D54-8CEC-F3C5A9AC6F85}] => (Allow) LPort=443
FirewallRules: [{97881C73-A62E-433B-9E0B-13C7F78EB53D}] => (Allow) LPort=9000
FirewallRules: [{EB04FFE2-218D-4590-B287-F1F50A64420B}] => (Allow) LPort=21120
FirewallRules: [{34194913-393E-4F95-911F-E0AADB5D5A29}] => (Allow) LPort=3074
FirewallRules: [{F4928B9E-458C-4D2A-A097-176FBF443397}] => (Allow) LPort=3074
FirewallRules: [{DB16920D-D396-4006-859B-FB8D6E059067}] => (Allow) LPort=13000
FirewallRules: [{F6492484-367B-410B-81A1-D8CAA38DD950}] => (Allow) LPort=14000
FirewallRules: [{DEA76184-4336-45BD-B46A-E6731898B482}] => (Allow) LPort=14008
FirewallRules: [{1B1DC4FB-4A3F-4643-9BA3-B8B34302DDC6}] => (Allow) LPort=13200
FirewallRules: [{9D7E7F48-E897-48DB-AF8B-1A1C18F56530}] => (Allow) LPort=10009
FirewallRules: [{23DA0C53-C291-41A8-A943-EB4EEE4FF91B}] => (Allow) LPort=13005
FirewallRules: [{4E1D3037-C2CA-433B-97E1-3207F60C9AAB}] => (Allow) LPort=13200
FirewallRules: [{DB534ED2-25E5-433F-BFCF-E6505128E723}] => (Allow) LPort=60144
FirewallRules: [{983E7C37-E6D4-4933-AF95-D60050EE8DE9}] => (Allow) LPort=5000

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/02/2015 11:20:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18064, Zeitstempel: 0x56042d8f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19018, Zeitstempel: 0x560a0083
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x4f0
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (11/02/2015 11:12:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2015 11:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18064, Zeitstempel: 0x56042d8f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19018, Zeitstempel: 0x560a0083
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x12e8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (11/02/2015 06:05:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18064, Zeitstempel: 0x56042d8f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19018, Zeitstempel: 0x560a0083
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0xdf8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (11/02/2015 05:57:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 10:57:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FarCry4.exe, Version 0.1.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 134c

Startzeit: 01d114efbb6680cc

Endzeit: 279

Anwendungspfad: D:\FarCry 4\FarCry 4\bin\FarCry4.exe

Berichts-ID:

Error: (11/01/2015 10:44:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 10:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18064, Zeitstempel: 0x56042d8f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19018, Zeitstempel: 0x560a0083
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x1248
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (11/01/2015 09:11:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 09:10:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18064, Zeitstempel: 0x56042d8f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19018, Zeitstempel: 0x560a0083
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Systemfehler:
=============
Error: (11/02/2015 11:12:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/02/2015 11:10:33 PM) (Source: sfsync04) (EventID: 1) (User: )
Description:

Error: (11/02/2015 05:57:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/02/2015 05:55:12 PM) (Source: sfsync04) (EventID: 1) (User: )
Description:

Error: (11/02/2015 01:25:59 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/01/2015 10:44:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/01/2015 10:42:44 PM) (Source: sfsync04) (EventID: 1) (User: )
Description:

Error: (11/01/2015 09:11:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/01/2015 09:09:16 PM) (Source: sfsync04) (EventID: 1) (User: )
Description:

Error: (11/01/2015 12:27:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 8147.54 MB
Verfügbarer physikalischer RAM: 5795.56 MB
Summe virtueller Speicher: 16293.28 MB
Verfügbarer virtueller Speicher: 13795.45 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:17.08 GB) NTFS
Drive d: (Volume) (Fixed) (Total:476.94 GB) (Free:144.08 GB) NTFS
Drive e: (3) (CDROM) (Total:7.78 GB) (Free:0 GB) CDFS
Drive j: (swat4_exp) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 476.9 GB) (Disk ID: 3B5835E3)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B64C520A)
Partition 1: (Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

 



#4 dbrisendine


Posted 04 November 2015 - 12:14 AM

Your English is fine; better than my German.  But, I'm sure we will get this done ....


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Free YouTube to MP3 Converter version 3.11.37.1212
Google Chrome


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>


Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 by right clicking on the FRST64.exe file and selecting "Run as Administrator".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


LAST >>>>

How is your system running now?
 

 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#5 Kingwolf85


Posted 04 November 2015 - 02:46 AM

Thx for your fast answer.

 

FIRST >>>>
 

Deleted the following:
Free YouTube to MP3 Converter version 3.11.37.1212

 

Don't find that in list:
Google Chrome

SECOND >>>>

Done. PC needs a restart and here is the Fixlog:

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von Kingwolf (2015-11-04 08:04:19) Run:14
Gestartet von C:\Users\Kingwolf\Desktop
Geladene Profile: Kingwolf (Verfügbare Profile: Kingwolf & King)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Run: [SaitekInstall] => "C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers\00000000\setup.exe" -S3 -R -WEB <===== ACHTUNG
C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: J - J:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {6d95f049-25fe-11e2-ac59-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {7a676c87-2b3a-11e2-bc59-10bf4875507d} - I:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {7ccefa40-6eb6-11e4-ab24-806e6f6e6963} - J:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {eece1ec0-a65a-11e3-83c9-806e6f6e6963} - I:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {f7ac00ed-1478-11e2-b279-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
CHR HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Docs) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Drive) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (YouTube) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-05]
CHR Extension: (Google-Suche) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-05]
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2015-08-06]
CHR Extension: (Screen capture) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\egggddlphjgblkkokllcobdpjhnaphgn [2015-08-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Tabellen) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf [2015-07-17]
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk [2015-07-27]
CHR Extension: (Google Mail) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]
R2 Sweet Welcome; C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe [8016440 2015-07-12] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\Sweet Welcome
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\Program Files (x86)\Google\Update
C:\Program Files (x86)\Google
U3 anorx97n; C:\Windows\System32\Drivers\anorx97n.sys [0 ] (Microsoft Corporation) <==== ACHTUNG (Null Byte Datei/Ordner)
C:\Windows\System32\Drivers\anorx97n.sys
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
C:\Program Files (x86)\Garena Plus\Room\safedrv.sys
D:\CDriver64.sys
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\Screen capture
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\DowwnSave
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\DownSiavE
2015-10-14 15:31 - 2015-08-06 18:43 - 00000000 ____D C:\ProgramData\akdlnnllnidjgehpdomhnfbogaffnpao
2015-10-14 15:31 - 2015-08-06 04:23 - 00000000 ____D C:\Program Files (x86)\NEToCouopon
2015-10-14 15:31 - 2015-08-06 04:23 - 00000000 ____D C:\Program Files (x86)\CCTV View
2015-10-14 15:31 - 2015-07-27 06:41 - 00000000 ____D C:\ProgramData\agijbhikjhemlghklklmhakielodelep
2015-10-14 15:31 - 2015-07-17 08:12 - 00000000 ____D C:\ProgramData\efbfhjpfmdhdgadlnmhcgeaiidmdokem
2015-10-14 15:31 - 2015-06-25 02:34 - 00000000 ____D C:\Program Files (x86)\EnjooyCoupon
2015-10-14 15:31 - 2015-06-08 10:37 - 00000000 ____D C:\Program Files (x86)\DiGiCoupon
2015-10-14 15:31 - 2015-06-01 23:03 - 00000000 ____D C:\Program Files (x86)\Video Resumer
2015-10-14 15:31 - 2015-06-01 23:03 - 00000000 ____D C:\Program Files (x86)\PriceMiNuus
2015-06-08 02:17 - 2015-08-13 09:22 - 0000079 _____ () C:\Program Files (x86)\prefs.js
C:\Users\Kingwolf\AppData\Local\Temp\6086.exe
C:\Users\Kingwolf\AppData\Local\Temp\6299.exe
C:\Users\Kingwolf\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\setacl.exe
C:\Users\Kingwolf\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\vcredist_x86.exe
CustomCLSID: HKU\S-1-5-21-1523712201-1305090177-3489278899-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kingwolf\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
Task: {6706F7A8-2D06-4F81-AC4A-62DBF616FD4F} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ACHTUNG
C:\Program Files (x86)\GetPrivate
Task: {6FCA9306-FF04-405A-83A8-239FB04F1202} - System32\Tasks\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F} => pcalua.exe -a D:\spore\SPORESetup.exe -d D:\spore
Task: {6FC8333B-A914-4A7A-8377-BD398E8D1D1B} - System32\Tasks\{B8729EB9-E097-4F7B-9753-DB47311E7E9F} => D:\RC2\rct2.exe
Task: {7A646E87-AF01-4FB3-8B23-5BC1F7F7C83E} - System32\Tasks\{CD590DFA-D737-44D7-9039-A4B44FDBE67F} => D:\RC2\rct2.exe
Task: {D7CC25CB-0B06-4BCF-9FB8-D83EAEC96AAD} - System32\Tasks\{C0655F15-26B2-4648-91BA-EA6600777F64} => D:\RC2\rct2.exe
Task: {E6DC212D-E19D-4514-8CF4-2509995DC57E} - System32\Tasks\{D5636034-A40B-4834-A4F1-A3685D5EDF29} => D:\RC2\rct2.exe
D:\RC2
Task: {97012B73-D001-4AE1-A593-8142CF1FC8E1} - System32\Tasks\{D9698921-E0FE-44E4-98E6-82D017556879} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {C74BCA8B-1DD9-4656-87D0-5F6A49663305} - System32\Tasks\Superclean => c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe [2014-09-01] (Super PC Tools Ltd) <==== ACHTUNG
c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}
Task: {CD36DF2C-3D58-4FA4-9AE1-E610255FB7D0} - System32\Tasks\{E41DE56E-4C2B-431D-B52D-763F4C931361} => pcalua.exe -a "C:\LAN 07.03.14\CS-Lan\CS16FULL_V7.EXE" -d "C:\LAN 07.03.14\CS-Lan"
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe <==== ACHTUNG
2015-07-12 16:11 - 2015-07-12 16:11 - 08016440 _____ () C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe
C:\Program Files (x86)\Sweet Welcome
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozess erfolgreich geschlossen.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SaitekInstall => Wert nicht gefunden.
"C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers" => nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => Schlüssel nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d95f049-25fe-11e2-ac59-806e6f6e6963} => Schlüssel nicht gefunden.
HKCR\CLSID\{6d95f049-25fe-11e2-ac59-806e6f6e6963} => Schlüssel nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a676c87-2b3a-11e2-bc59-10bf4875507d} => Schlüssel nicht gefunden.
HKCR\CLSID\{7a676c87-2b3a-11e2-bc59-10bf4875507d} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ccefa40-6eb6-11e4-ab24-806e6f6e6963}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{7ccefa40-6eb6-11e4-ab24-806e6f6e6963} => Schlüssel nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eece1ec0-a65a-11e3-83c9-806e6f6e6963} => Schlüssel nicht gefunden.
HKCR\CLSID\{eece1ec0-a65a-11e3-83c9-806e6f6e6963} => Schlüssel nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ac00ed-1478-11e2-b279-806e6f6e6963} => Schlüssel nicht gefunden.
HKCR\CLSID\{f7ac00ed-1478-11e2-b279-806e6f6e6963} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Policies\Google => Schlüssel nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Policies\Google => Schlüssel nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default" => nicht gefunden.
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\egggddlphjgblkkokllcobdpjhnaphgn <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => nicht gefunden
Sweet Welcome => Dienst nicht gefunden.
"C:\Program Files (x86)\Sweet Welcome" => nicht gefunden.
gupdate => Dienst nicht gefunden.
gupdatem => Dienst nicht gefunden.
"C:\Program Files (x86)\Google\Update" => nicht gefunden.
"C:\Program Files (x86)\Google" => nicht gefunden.
anorx97n => Dienst nicht gefunden.
"C:\Windows\System32\Drivers\anorx97n.sys" => nicht gefunden.
GGSAFERDriver => Dienst nicht gefunden.
MSICDSetup => Dienst nicht gefunden.
"C:\Program Files (x86)\Garena Plus\Room\safedrv.sys" => nicht gefunden.
"D:\CDriver64.sys" => nicht gefunden.
"C:\Program Files (x86)\Screen capture" => nicht gefunden.
"C:\Program Files (x86)\DowwnSave" => nicht gefunden.
"C:\Program Files (x86)\DownSiavE" => nicht gefunden.
"C:\ProgramData\akdlnnllnidjgehpdomhnfbogaffnpao" => nicht gefunden.
"C:\Program Files (x86)\NEToCouopon" => nicht gefunden.
"C:\Program Files (x86)\CCTV View" => nicht gefunden.
"C:\ProgramData\agijbhikjhemlghklklmhakielodelep" => nicht gefunden.
"C:\ProgramData\efbfhjpfmdhdgadlnmhcgeaiidmdokem" => nicht gefunden.
"C:\Program Files (x86)\EnjooyCoupon" => nicht gefunden.
"C:\Program Files (x86)\DiGiCoupon" => nicht gefunden.
"C:\Program Files (x86)\Video Resumer" => nicht gefunden.
"C:\Program Files (x86)\PriceMiNuus" => nicht gefunden.
"C:\Program Files (x86)\prefs.js" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\6086.exe" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\6299.exe" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\dxwebsetup.exe" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\setacl.exe" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\SkypeSetup.exe" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe" => nicht gefunden.
"C:\Users\Kingwolf\AppData\Local\Temp\vcredist_x86.exe" => nicht gefunden.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6706F7A8-2D06-4F81-AC4A-62DBF616FD4F} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\GPUP => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP => Schlüssel nicht gefunden.
"C:\Program Files (x86)\GetPrivate" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FCA9306-FF04-405A-83A8-239FB04F1202} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC8333B-A914-4A7A-8377-BD398E8D1D1B} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{B8729EB9-E097-4F7B-9753-DB47311E7E9F} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B8729EB9-E097-4F7B-9753-DB47311E7E9F} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A646E87-AF01-4FB3-8B23-5BC1F7F7C83E} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{CD590DFA-D737-44D7-9039-A4B44FDBE67F} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD590DFA-D737-44D7-9039-A4B44FDBE67F} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7CC25CB-0B06-4BCF-9FB8-D83EAEC96AAD} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{C0655F15-26B2-4648-91BA-EA6600777F64} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C0655F15-26B2-4648-91BA-EA6600777F64} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6DC212D-E19D-4514-8CF4-2509995DC57E} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{D5636034-A40B-4834-A4F1-A3685D5EDF29} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5636034-A40B-4834-A4F1-A3685D5EDF29} => Schlüssel nicht gefunden.
"D:\RC2" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97012B73-D001-4AE1-A593-8142CF1FC8E1} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{D9698921-E0FE-44E4-98E6-82D017556879} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9698921-E0FE-44E4-98E6-82D017556879} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74BCA8B-1DD9-4656-87D0-5F6A49663305} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\Superclean => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => Schlüssel nicht gefunden.
"c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD36DF2C-3D58-4FA4-9AE1-E610255FB7D0} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\{E41DE56E-4C2B-431D-B52D-763F4C931361} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E41DE56E-4C2B-431D-B52D-763F4C931361} => Schlüssel nicht gefunden.
C:\Windows\Tasks\Superclean.job => nicht gefunden.
"C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe" => nicht gefunden.
"C:\Program Files (x86)\Sweet Welcome" => nicht gefunden.

=========  ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========

=========  netsh advfirewall reset =========

OK.

========= Ende von CMD: =========

=========  netsh advfirewall set allprofiles state on =========

OK.

========= Ende von CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= Ende von CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt

========= Ende von RemoveProxy: =========

EmptyTemp: => 22.4 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 08:04:26 ====

 

LAST >>>>

 

I jumped through the Internet and until now no site pops up as I knew before. It seems that you solved it. I will watch it for some days... but I think it's done. Really, thank you. Great.

 

___________________________

 

 

Can I ask for your help with our gaming problem too? It's not a usual problem ^^ but my friend and I are at the point of no return with that game and even the support doesn't answer. If you are up for it, I can explain the problems and the attempts we made on our side to get the co-op mode working.

 

It would be great if you can help with that too; if not, it's no problem, even the support doesn't answer..... :-)
 



#6 dbrisendine


Posted 04 November 2015 - 10:29 AM

Did you run the Fixlist.txt scan multiple times?

 

In the C:\FRST\Logs directory there are copies of the Fixlog.txt files (with a date & time included in the name).  Can you check for the first Fixlog and post that one please?




#7 Kingwolf85


Posted 04 November 2015 - 09:04 PM

Yes, sorry. The first time I ran it, the text field was called "entfernen". It also needed an update before I could use it. On your side this button is shown as "Fix"; in German this button was called "entfernen". I thought it was maybe a failure from the update and I tried the same way again to see if there were any failures. But in the end the only failure was that I did it twice and didn't ask here again to be clear about what was going on. Sorry for that, I hope I didn't destroy anything.

 

Found the other Fixlog now under C:\Users\Kingwolf. This must be the first scan. I found an old version of FRST on my PC. I downloaded it for a friend and it was still there. This confused me and led to me "fixing" twice. I hope it's still OK for you.

 

Fixlog (First one):

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von Kingwolf (2015-11-04 07:54:57) Run:13
Gestartet von C:\Users\Kingwolf
Geladene Profile: Kingwolf (Verfügbare Profile: Kingwolf & King)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\Run: [SaitekInstall] => "C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers\00000000\setup.exe" -S3 -R -WEB <===== ACHTUNG
C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: J - J:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {6d95f049-25fe-11e2-ac59-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {7a676c87-2b3a-11e2-bc59-10bf4875507d} - I:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {7ccefa40-6eb6-11e4-ab24-806e6f6e6963} - J:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {eece1ec0-a65a-11e3-83c9-806e6f6e6963} - I:\autorun.exe
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\...\MountPoints2: {f7ac00ed-1478-11e2-b279-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
CHR HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Docs) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Drive) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (YouTube) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-05]
CHR Extension: (Google-Suche) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-05]
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2015-08-06]
CHR Extension: (Screen capture) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\egggddlphjgblkkokllcobdpjhnaphgn [2015-08-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Tabellen) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf [2015-07-17]
CHR Extension: (Kein Name) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk [2015-07-27]
CHR Extension: (Google Mail) - C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]
R2 Sweet Welcome; C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe [8016440 2015-07-12] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\Sweet Welcome
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\Program Files (x86)\Google\Update
C:\Program Files (x86)\Google
U3 anorx97n; C:\Windows\System32\Drivers\anorx97n.sys [0 ] (Microsoft Corporation) <==== ACHTUNG (Null Byte Datei/Ordner)
C:\Windows\System32\Drivers\anorx97n.sys
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
C:\Program Files (x86)\Garena Plus\Room\safedrv.sys
D:\CDriver64.sys
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\Screen capture
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\DowwnSave
2015-10-14 15:31 - 2015-08-17 06:35 - 00000000 ____D C:\Program Files (x86)\DownSiavE
2015-10-14 15:31 - 2015-08-06 18:43 - 00000000 ____D C:\ProgramData\akdlnnllnidjgehpdomhnfbogaffnpao
2015-10-14 15:31 - 2015-08-06 04:23 - 00000000 ____D C:\Program Files (x86)\NEToCouopon
2015-10-14 15:31 - 2015-08-06 04:23 - 00000000 ____D C:\Program Files (x86)\CCTV View
2015-10-14 15:31 - 2015-07-27 06:41 - 00000000 ____D C:\ProgramData\agijbhikjhemlghklklmhakielodelep
2015-10-14 15:31 - 2015-07-17 08:12 - 00000000 ____D C:\ProgramData\efbfhjpfmdhdgadlnmhcgeaiidmdokem
2015-10-14 15:31 - 2015-06-25 02:34 - 00000000 ____D C:\Program Files (x86)\EnjooyCoupon
2015-10-14 15:31 - 2015-06-08 10:37 - 00000000 ____D C:\Program Files (x86)\DiGiCoupon
2015-10-14 15:31 - 2015-06-01 23:03 - 00000000 ____D C:\Program Files (x86)\Video Resumer
2015-10-14 15:31 - 2015-06-01 23:03 - 00000000 ____D C:\Program Files (x86)\PriceMiNuus
2015-06-08 02:17 - 2015-08-13 09:22 - 0000079 _____ () C:\Program Files (x86)\prefs.js
C:\Users\Kingwolf\AppData\Local\Temp\6086.exe
C:\Users\Kingwolf\AppData\Local\Temp\6299.exe
C:\Users\Kingwolf\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\setacl.exe
C:\Users\Kingwolf\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe
C:\Users\Kingwolf\AppData\Local\Temp\vcredist_x86.exe
CustomCLSID: HKU\S-1-5-21-1523712201-1305090177-3489278899-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kingwolf\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
Task: {6706F7A8-2D06-4F81-AC4A-62DBF616FD4F} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ACHTUNG
C:\Program Files (x86)\GetPrivate
Task: {6FCA9306-FF04-405A-83A8-239FB04F1202} - System32\Tasks\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F} => pcalua.exe -a D:\spore\SPORESetup.exe -d D:\spore
Task: {6FC8333B-A914-4A7A-8377-BD398E8D1D1B} - System32\Tasks\{B8729EB9-E097-4F7B-9753-DB47311E7E9F} => D:\RC2\rct2.exe
Task: {7A646E87-AF01-4FB3-8B23-5BC1F7F7C83E} - System32\Tasks\{CD590DFA-D737-44D7-9039-A4B44FDBE67F} => D:\RC2\rct2.exe
Task: {D7CC25CB-0B06-4BCF-9FB8-D83EAEC96AAD} - System32\Tasks\{C0655F15-26B2-4648-91BA-EA6600777F64} => D:\RC2\rct2.exe
Task: {E6DC212D-E19D-4514-8CF4-2509995DC57E} - System32\Tasks\{D5636034-A40B-4834-A4F1-A3685D5EDF29} => D:\RC2\rct2.exe
D:\RC2
Task: {97012B73-D001-4AE1-A593-8142CF1FC8E1} - System32\Tasks\{D9698921-E0FE-44E4-98E6-82D017556879} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {C74BCA8B-1DD9-4656-87D0-5F6A49663305} - System32\Tasks\Superclean => c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe [2014-09-01] (Super PC Tools Ltd) <==== ACHTUNG
c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}
Task: {CD36DF2C-3D58-4FA4-9AE1-E610255FB7D0} - System32\Tasks\{E41DE56E-4C2B-431D-B52D-763F4C931361} => pcalua.exe -a "C:\LAN 07.03.14\CS-Lan\CS16FULL_V7.EXE" -d "C:\LAN 07.03.14\CS-Lan"
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe <==== ACHTUNG
2015-07-12 16:11 - 2015-07-12 16:11 - 08016440 _____ () C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe
C:\Program Files (x86)\Sweet Welcome
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozess erfolgreich geschlossen.
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SaitekInstall => Wert erfolgreich entfernt
"C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers" => nicht gefunden.
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d95f049-25fe-11e2-ac59-806e6f6e6963}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{6d95f049-25fe-11e2-ac59-806e6f6e6963} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a676c87-2b3a-11e2-bc59-10bf4875507d}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{7a676c87-2b3a-11e2-bc59-10bf4875507d} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ccefa40-6eb6-11e4-ab24-806e6f6e6963}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{7ccefa40-6eb6-11e4-ab24-806e6f6e6963} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eece1ec0-a65a-11e3-83c9-806e6f6e6963}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{eece1ec0-a65a-11e3-83c9-806e6f6e6963} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ac00ed-1478-11e2-b279-806e6f6e6963}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{f7ac00ed-1478-11e2-b279-806e6f6e6963} => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\egggddlphjgblkkokllcobdpjhnaphgn <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ACHTUNG => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk => nicht gefunden
C:\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => nicht gefunden
Sweet Welcome => Dienst erfolgreich entfernt
C:\Program Files (x86)\Sweet Welcome => erfolgreich verschoben
gupdate => Dienst erfolgreich entfernt
gupdatem => Dienst erfolgreich entfernt
C:\Program Files (x86)\Google\Update => erfolgreich verschoben
C:\Program Files (x86)\Google => erfolgreich verschoben
anorx97n => Dienst nicht gefunden.
"C:\Windows\System32\Drivers\anorx97n.sys" => nicht gefunden.
GGSAFERDriver => Dienst erfolgreich entfernt
MSICDSetup => Dienst erfolgreich entfernt
"C:\Program Files (x86)\Garena Plus\Room\safedrv.sys" => nicht gefunden.
"D:\CDriver64.sys" => nicht gefunden.
C:\Program Files (x86)\Screen capture => erfolgreich verschoben
C:\Program Files (x86)\DowwnSave => erfolgreich verschoben
C:\Program Files (x86)\DownSiavE => erfolgreich verschoben
C:\ProgramData\akdlnnllnidjgehpdomhnfbogaffnpao => erfolgreich verschoben
C:\Program Files (x86)\NEToCouopon => erfolgreich verschoben
C:\Program Files (x86)\CCTV View => erfolgreich verschoben
C:\ProgramData\agijbhikjhemlghklklmhakielodelep => erfolgreich verschoben
C:\ProgramData\efbfhjpfmdhdgadlnmhcgeaiidmdokem => erfolgreich verschoben
C:\Program Files (x86)\EnjooyCoupon => erfolgreich verschoben
C:\Program Files (x86)\DiGiCoupon => erfolgreich verschoben
C:\Program Files (x86)\Video Resumer => erfolgreich verschoben
C:\Program Files (x86)\PriceMiNuus => erfolgreich verschoben
C:\Program Files (x86)\prefs.js => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\6086.exe => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\6299.exe => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\dxwebsetup.exe => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\setacl.exe => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\SkypeSetup.exe => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe => erfolgreich verschoben
C:\Users\Kingwolf\AppData\Local\Temp\vcredist_x86.exe => erfolgreich verschoben
"HKU\S-1-5-21-1523712201-1305090177-3489278899-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6706F7A8-2D06-4F81-AC4A-62DBF616FD4F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6706F7A8-2D06-4F81-AC4A-62DBF616FD4F}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\GPUP => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Schlüssel erfolgreich entfernt
"C:\Program Files (x86)\GetPrivate" => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FCA9306-FF04-405A-83A8-239FB04F1202}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FCA9306-FF04-405A-83A8-239FB04F1202}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11CC1AF9-070D-4B79-A7A1-19B5A6C1027F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FC8333B-A914-4A7A-8377-BD398E8D1D1B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC8333B-A914-4A7A-8377-BD398E8D1D1B}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{B8729EB9-E097-4F7B-9753-DB47311E7E9F} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B8729EB9-E097-4F7B-9753-DB47311E7E9F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A646E87-AF01-4FB3-8B23-5BC1F7F7C83E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A646E87-AF01-4FB3-8B23-5BC1F7F7C83E}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{CD590DFA-D737-44D7-9039-A4B44FDBE67F} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD590DFA-D737-44D7-9039-A4B44FDBE67F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7CC25CB-0B06-4BCF-9FB8-D83EAEC96AAD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7CC25CB-0B06-4BCF-9FB8-D83EAEC96AAD}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{C0655F15-26B2-4648-91BA-EA6600777F64} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C0655F15-26B2-4648-91BA-EA6600777F64}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6DC212D-E19D-4514-8CF4-2509995DC57E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6DC212D-E19D-4514-8CF4-2509995DC57E}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{D5636034-A40B-4834-A4F1-A3685D5EDF29} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5636034-A40B-4834-A4F1-A3685D5EDF29}" => Schlüssel erfolgreich entfernt
D:\RC2 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97012B73-D001-4AE1-A593-8142CF1FC8E1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97012B73-D001-4AE1-A593-8142CF1FC8E1}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{D9698921-E0FE-44E4-98E6-82D017556879} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9698921-E0FE-44E4-98E6-82D017556879}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C74BCA8B-1DD9-4656-87D0-5F6A49663305}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74BCA8B-1DD9-4656-87D0-5F6A49663305}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\Superclean => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean" => Schlüssel erfolgreich entfernt
c:\programdata\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD36DF2C-3D58-4FA4-9AE1-E610255FB7D0}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD36DF2C-3D58-4FA4-9AE1-E610255FB7D0}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{E41DE56E-4C2B-431D-B52D-763F4C931361} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E41DE56E-4C2B-431D-B52D-763F4C931361}" => Schlüssel erfolgreich entfernt
C:\Windows\Tasks\Superclean.job => erfolgreich verschoben
"C:\Program Files (x86)\Sweet Welcome\Sweet Welcome.exe" => nicht gefunden.
"C:\Program Files (x86)\Sweet Welcome" => nicht gefunden.

=========  ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========

=========  netsh advfirewall reset =========

OK.

========= Ende von CMD: =========

=========  netsh advfirewall set allprofiles state on =========

OK.

========= Ende von CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.

========= Ende von Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Der Vorgang wurde erfolgreich beendet.

 

========= Ende von Reg: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{1417E4A7-5954-47F8-AF5C-C67A50B8DA0E} canceled.
1 out of 1 jobs canceled.

========= Ende von CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1523712201-1305090177-3489278899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt

========= Ende von RemoveProxy: =========

EmptyTemp: => 4.7 GB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 07:55:17 ====



#8 dbrisendine


Posted 05 November 2015 - 01:08 PM

Thank you for the log; that looks much better.
 
Unfortunately, the only thing I know about Games is how to die (haha) so not much help there.
 
Let's check for leftover Adware and move on from there, ok?
 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#9 Kingwolf85


Posted 05 November 2015 - 04:09 PM

OK from my side, I am happy that you are helping me with that.

Here is the log. (Did it only one time now ^^)

 

# AdwCleaner v5.018 - Bericht erstellt am 05/11/2015 um 22:04:57
# Aktualisiert am 05/11/2015 von Xplode
# Datenbank : 2015-11-03.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Kingwolf - KINGWOLF-PC
# Gestartet von : C:\Users\Kingwolf\Desktop\AdwCleaner.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\LibraryModule
[-] Ordner Gelöscht : C:\Program Files (x86)\bestadblocker
[-] Ordner Gelöscht : C:\Program Files (x86)\ENNjoyCoupOn
[-] Ordner Gelöscht : C:\Program Files (x86)\EunjoyCouPoan
[-] Ordner Gelöscht : C:\Program Files (x86)\NetaoCoeupoin
[-] Ordner Gelöscht : C:\Program Files (x86)\NettoCoupon
[-] Ordner Gelöscht : C:\ProgramData\14026943625050384791
[-] Ordner Gelöscht : C:\ProgramData\228fe03f00003d88
[-] Ordner Gelöscht : C:\ProgramData\349fb81b000018da
[-] Ordner Gelöscht : C:\ProgramData\35b3a63000003888
[-] Ordner Gelöscht : C:\ProgramData\3916021800006072
[-] Ordner Gelöscht : C:\ProgramData\3af46a0d00005fcf
[-] Ordner Gelöscht : C:\ProgramData\3ca5e05f00006648
[-] Ordner Gelöscht : C:\ProgramData\3ecfec6a00002e0e
[-] Ordner Gelöscht : C:\ProgramData\40bc006c00004d83
[-] Ordner Gelöscht : C:\ProgramData\45779ebc000037e9
[-] Ordner Gelöscht : C:\ProgramData\49fbc9c000004af1
[-] Ordner Gelöscht : C:\ProgramData\4b20e43000002f18
[-] Ordner Gelöscht : C:\ProgramData\67fa372e00002202
[-] Ordner Gelöscht : C:\ProgramData\8f9da3f100003412
[-] Ordner Gelöscht : C:\ProgramData\c2a9b6e8b78ee997
[-] Ordner Gelöscht : C:\ProgramData\dabf751c00001524
[-] Ordner Gelöscht : C:\ProgramData\{33f3b6dc-042b-7882-33f3-3b6dc042db70}
[-] Ordner Gelöscht : C:\ProgramData\{e06ee260-b9b3-5819-e06e-ee260b9b8982}
[-] Ordner Gelöscht : C:\Users\Kingwolf\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka
[!] Ordner Nicht Gelöscht : C:\Users\Kingwolf\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka
[-] Ordner Gelöscht : C:\Users\Kingwolf\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka
[!] Ordner Nicht Gelöscht : C:\Users\Kingwolf\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Program Files (x86)\mozilla firefox\dbghelp.dll

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

[-] Aufgabenplanung Gelöscht : DRIVERfighter Auto Start

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.ssliveupdate.oneclickctrl.9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.ssliveupdate.update3webcontrol.3
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD [BackgroundHost.exe]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P854F086C_80F0_4051_ADA3_92BD5B4111AC_.P854F086C_80F0_4051_ADA3_92BD5B4111AC_
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P854F086C_80F0_4051_ADA3_92BD5B4111AC_.P854F086C_80F0_4051_ADA3_92BD5B4111AC_.9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8A55FC28_B5D4_4B26_A40F_4E1A2742F930_.P8A55FC28_B5D4_4B26_A40F_4E1A2742F930_
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8A55FC28_B5D4_4B26_A40F_4E1A2742F930_.P8A55FC28_B5D4_4B26_A40F_4E1A2742F930_.9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8BC05507_F735_4352_9464_60C7D3CB50C2_.P8BC05507_F735_4352_9464_60C7D3CB50C2_
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8BC05507_F735_4352_9464_60C7D3CB50C2_.P8BC05507_F735_4352_9464_60C7D3CB50C2_.9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P9378C4F3_4161_4000_B81C_EC81599D31C4_.P9378C4F3_4161_4000_B81C_EC81599D31C4_
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P9378C4F3_4161_4000_B81C_EC81599D31C4_.P9378C4F3_4161_4000_B81C_EC81599D31C4_.9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PF1D928CB_083D_49F1_8B61_C887397B9BF6_.PF1D928CB_083D_49F1_8B61_C887397B9BF6_
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PF1D928CB_083D_49F1_8B61_C887397B9BF6_.PF1D928CB_083D_49F1_8B61_C887397B9BF6_.9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\32ed91bb-e79e-c9a8-711a-81d0bacc81b9
[-] Schlüssel Gelöscht : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99DCF141-03F9-4363-8D79-640FA646DEED}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{854F086C-80F0-4051-ADA3-92BD5B4111AC}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8A55FC28-B5D4-4B26-A40F-4E1A2742F930}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8BC05507-F735-4352-9464-60C7D3CB50C2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9378C4F3-4161-4000-B81C-EC81599D31C4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1D928CB-083D-49F1-8B61-C887397B9BF6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AF4400F-CDC5-4F2D-B3F1-74348E5D5CCC}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{422E1393-7A4C-44FF-A7E1-8B9D146E0666}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4807D6D8-ADC8-41AF-AB9D-AE1086D1E62F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E1CD171-29C1-4D56-A223-E31C57A0A25A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70E96298-17FC-4020-A7CF-6F81ED8CF3AB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84A81B7E-B8CD-4891-BEA0-548D65E9610A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{867DF9A9-D013-4A1A-B685-DFF65D225ED4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{889074FC-1456-4CE8-88F7-154264DC275F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91F4CF02-F675-4E6A-B4E8-C13DF09B9B1B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A902A36E-0C79-4BD7-B561-9C058BD60210}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB778974-218E-4734-90F0-731BE7E50E77}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADE6A9C0-12B3-457D-9A86-548FA87E04DB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7C67027-15EB-489F-A9EA-286076CF7540}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CDB98856-BEA3-4073-AF57-23A3583AE9E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CDED8922-BB3D-4E3A-9C2C-89B1C927F48B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D79CBD8E-D857-4D05-B3AD-26F722CF5B6E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7EA7058-B19B-4A27-B50A-87A1B8FC5F30}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0EE6D408-6ED5-40C6-8C42-A041D5DE9AB0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{13A42355-1F94-4459-B19E-F60B2C607C77}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{293DD661-C540-4AC4-9B4C-42E68369CE1B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2EC58BDB-0694-4D54-80DD-A8F2AA0427A1}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{313B508D-596D-4BDF-B0B5-E41F224E184A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{38BAB45F-0A8A-48B5-8C46-F2A8C7EEFAEE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5518881B-BB38-46C7-A27C-024DA02AD167}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5DEBC66A-136E-4F2C-84CC-8A984EBA1195}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BDAF5CA1-4082-4F20-B44D-0238A9183DCA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}
[!] Schlüssel Nicht Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A55FC28-B5D4-4B26-A40F-4E1A2742F930}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BC05507-F735-4352-9464-60C7D3CB50C2}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9378C4F3-4161-4000-B81C-EC81599D31C4}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1D928CB-083D-49F1-8B61-C887397B9BF6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A55FC28-B5D4-4B26-A40F-4E1A2742F930}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BC05507-F735-4352-9464-60C7D3CB50C2}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9378C4F3-4161-4000-B81C-EC81599D31C4}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1D928CB-083D-49F1-8B61-C887397B9BF6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A18D16ED-27B2-4B83-B70C-15E73F099546}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{854F086C-80F0-4051-ADA3-92BD5B4111AC}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8A55FC28-B5D4-4B26-A40F-4E1A2742F930}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BC05507-F735-4352-9464-60C7D3CB50C2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9378C4F3-4161-4000-B81C-EC81599D31C4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F1D928CB-083D-49F1-8B61-C887397B9BF6}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{854F086C-80F0-4051-ADA3-92BD5B4111AC}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8A55FC28-B5D4-4B26-A40F-4E1A2742F930}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8BC05507-F735-4352-9464-60C7D3CB50C2}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{9378C4F3-4161-4000-B81C-EC81599D31C4}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F1D928CB-083D-49F1-8B61-C887397B9BF6}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{854F086C-80F0-4051-ADA3-92BD5B4111AC}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{8A55FC28-B5D4-4B26-A40F-4E1A2742F930}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{8BC05507-F735-4352-9464-60C7D3CB50C2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9378C4F3-4161-4000-B81C-EC81599D31C4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F1D928CB-083D-49F1-8B61-C887397B9BF6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Schlüssel Gelöscht : HKCU\Software\Super Optimizer
[-] Schlüssel Gelöscht : HKCU\Software\WEBAPP
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [12967 Bytes] ##########


Edited by Kingwolf85, 05 November 2015 - 04:23 PM.


#10 dbrisendine


Posted 06 November 2015 - 12:37 AM

FIRST >>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here

Double Click on the mbam-setup.exe file to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.


SECOND >>>>

Have you considered adding a Free AntiVirus to this system?

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

LAST >>>>

How is your system running now?




#11 Kingwolf85


Posted 06 November 2015 - 07:18 AM

Well, well... Another mistake happened... After the scan I was asked for a restart; I didn't see the possibility to save the document. I was thinking that it would be shown to me after the restart, but it wasn't. I checked the program to see if other tests are saved in any form, but I didn't find anything. I made another test and now for sure it is clean as a baby's bottom... Before, there were 64 things that were found and deleted.

I am afraid that I can't post you the original scan anymore... I should do something like that after being so tired; I have been awake for a long, long, long time. ^^

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 06.11.2015
Suchlaufzeit: 13:06
Protokolldatei: test.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.06.03
Rootkit-Datenbank: v2015.11.04.02
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kingwolf

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410544
Abgelaufene Zeit: 3 Min., 29 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

__________________________________

 

I have had bad experiences with free antivirus programs and also with bought versions. They block programs I want to work, and things like a police virus I get anyway, so..... I will try out one of the programs you showed.

 

__________________________________

 

Still fine; when my friend is online we will also try again to get the coop to work. We try it after each part I finish here. ^^

Thx a lot, it seems there was a lot of crap on it anyway... so maybe I will install one of your freeware things now too.


Edited by Kingwolf85, 07 November 2015 - 05:41 AM.


#12 Kingwolf85


Posted 06 November 2015 - 07:24 AM

HA!! I was sure that the program has to list them anyway... I think I found the old scan. Yes, I am very tired. ^^

Schutzprotokoll: (Protection log:)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 06.11.2015 12:52, SYSTEM, KINGWOLF-PC, Manual, Rootkit Database, 2015.9.18.1, 2015.11.4.2,
Update, 06.11.2015 12:52, SYSTEM, KINGWOLF-PC, Manual, IP Database, 2015.9.21.2, 2015.11.5.2,
Update, 06.11.2015 12:52, SYSTEM, KINGWOLF-PC, Manual, Remediation Database, 2015.9.16.1, 2015.11.4.1,
Update, 06.11.2015 12:52, SYSTEM, KINGWOLF-PC, Manual, Domain Database, 2015.9.22.3, 2015.11.5.10,
Update, 06.11.2015 12:52, SYSTEM, KINGWOLF-PC, Manual, Malware Database, 2015.9.22.5, 2015.11.6.3,
Scan, 06.11.2015 13:01, SYSTEM, KINGWOLF-PC, Manual, Start: 06.11.2015 12:53, Dauer: 3 Min. 33 Sek., Bedrohungssuchlauf, Abgeschlossen, 1 Malware-Erkennung, 61 Nicht-Malware-Erkennungen,
Error, 06.11.2015 13:03, SYSTEM, KINGWOLF-PC, Protection, IsLicensed, 13,
Protection, 06.11.2015 13:03, SYSTEM, KINGWOLF-PC, Protection, Malware Protection, Stopping,
Protection, 06.11.2015 13:03, SYSTEM, KINGWOLF-PC, Protection, Malware Protection, Stopped,
Scan, 06.11.2015 13:09, SYSTEM, KINGWOLF-PC, Manual, Start: 06.11.2015 13:06, Dauer: 3 Min. 29 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen,

(end)

__________________________

 

Scanprotokoll:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 06.11.2015
Suchlaufzeit: 12:53
Protokolldatei: 3.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.06.03
Rootkit-Datenbank: v2015.11.04.02
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kingwolf

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410634
Abgelaufene Zeit: 3 Min., 33 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 14
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2, In Quarantäne, [d0fbf882ccbf45f16a47c8b4f50dec14],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka, In Quarantäne, [d0fbf882ccbf45f16a47c8b4f50dec14],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2, In Quarantäne, [8e3d4139a7e41422e3ce4f2d679b0af6],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka, In Quarantäne, [8e3d4139a7e41422e3ce4f2d679b0af6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2, In Quarantäne, [67646a104e3dec4ab200c7b5e71b50b0],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka, In Quarantäne, [67646a104e3dec4ab200c7b5e71b50b0],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2, In Quarantäne, [c5063347a9e2d264dcd6c0bcc53d07f9],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka, In Quarantäne, [c5063347a9e2d264dcd6c0bcc53d07f9],
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [7556cdadbfcccf6768e965d4d82a08f8],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\mz, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\skin, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],

Dateien: 48
PUP.Optional.OpenCandy, C:\Users\Kingwolf\Pictures\DTLite4491-0356.exe, In Quarantäne, [0dbecdad63289a9c9cdd80dcf60ee51b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\lsdb.js, In Quarantäne, [d0fbf882ccbf45f16a47c8b4f50dec14],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\background.html, In Quarantäne, [d0fbf882ccbf45f16a47c8b4f50dec14],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\content.js, In Quarantäne, [d0fbf882ccbf45f16a47c8b4f50dec14],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\manifest.json, In Quarantäne, [d0fbf882ccbf45f16a47c8b4f50dec14],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\lsdb.js, In Quarantäne, [8e3d4139a7e41422e3ce4f2d679b0af6],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\background.html, In Quarantäne, [8e3d4139a7e41422e3ce4f2d679b0af6],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\content.js, In Quarantäne, [8e3d4139a7e41422e3ce4f2d679b0af6],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\manifest.json, In Quarantäne, [8e3d4139a7e41422e3ce4f2d679b0af6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\lsdb.js, In Quarantäne, [67646a104e3dec4ab200c7b5e71b50b0],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\background.html, In Quarantäne, [67646a104e3dec4ab200c7b5e71b50b0],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\content.js, In Quarantäne, [67646a104e3dec4ab200c7b5e71b50b0],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\manifest.json, In Quarantäne, [67646a104e3dec4ab200c7b5e71b50b0],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\lsdb.js, In Quarantäne, [c5063347a9e2d264dcd6c0bcc53d07f9],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\background.html, In Quarantäne, [c5063347a9e2d264dcd6c0bcc53d07f9],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\content.js, In Quarantäne, [c5063347a9e2d264dcd6c0bcc53d07f9],
PUP.Optional.MultiPlug, C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfjnijpelbllmhhaeicbfeefakkolmka\2.2\manifest.json, In Quarantäne, [c5063347a9e2d264dcd6c0bcc53d07f9],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome.manifest, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\icon.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\install.rdf, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\background.html, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\bg.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\button.xml, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\config.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\content.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\framework.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\framework.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\framework.xul, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon128.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon128.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon16.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon16.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon18.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon18.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon24.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon24.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon32.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon32.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon48.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon48.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon64.ico, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon64.png, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\jquery-1.9.1.min.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\options.xul, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\settings.json, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\mz\background.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\mz\content.js, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],
PUP.Optional.SpeedAnalysis, C:\Users\Kingwolf\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\skin\framework.css, In Quarantäne, [05c6d5a5b7d4c1751776541dc83ab44c],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

 

Thx, and good night on my side now. :-) I am really interested in our new Far Cry test later. ^^


Edited by Kingwolf85, 07 November 2015 - 05:42 AM.


#13 dbrisendine


Posted 08 November 2015 - 03:10 PM

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave your Antivirus enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please. Thanks.
 


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.


#14 Kingwolf85


Posted 09 November 2015 - 02:07 AM

Here is the List:

 

C:\AdwCleaner\Quarantine\C\ProgramData\{33f3b6dc-042b-7882-33f3-3b6dc042db70}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application
C:\FRST\Quarantine\C\ProgramData\agijbhikjhemlghklklmhakielodelep\content.js JS/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\ProgramData\agijbhikjhemlghklklmhakielodelep\lsdb.js JS/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\ProgramData\{80c743ba-3ca6-8d47-80c7-743ba3ca0ee8}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AP application
C:\FRST\Quarantine\C\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk\202\content.js JS/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\Users\Kingwolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjgedmmhamoaibhmhlllgfcocgcjfmk\202\lsdb.js JS/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe.xBAD multiple threats
C:\ProgramData\Adobe\AIH.33bd48dea5a2a26dda6384599e120a937ba3d56f\GTB.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\All Users\Adobe\AIH.33bd48dea5a2a26dda6384599e120a937ba3d56f\GTB.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Kingwolf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\38b23477-2416d897 a variant of Java/Exploit.CVE-2013-2460.EV trojan
C:\Users\Kingwolf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\38b23477-540d06e5 a variant of Java/Exploit.CVE-2013-2460.EV trojan
C:\Users\Kingwolf\Pictures\automouseclicker-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Windows\SysWOW64\tasks.dll a variant of Win32/Tasks.A potentially unwanted application
D:\LANNNNN\left4dead2\Left4Dead2\Left 4 Dead 2.exe a variant of Win32/Injector.Autoit.BXR trojan

_________________________________

 

Just some info from me:

 

D:\LANNNNN\left4dead2\Left4Dead2\Left 4 Dead 2.exe a variant of Win32/Injector.Autoit.BXR trojan

This file must be from our LAN-available Left 4 Dead 2 game. If this is something dangerous, I can delete the whole files there anyway.

 

C:\Users\Kingwolf\Pictures\automouseclicker-setup.exe Win32/DownloadAdmin.G potentially unwanted application

I searched for a program with which I can set some automatic function without me being needed in front of the PC. This thing worked fine, but if this is something dangerous, I can delete the whole files there anyway.

 

Thx for your work and time. And your nerves ^^ Thx.



#15 dbrisendine


Posted 10 November 2015 - 04:16 PM

Thanks for the explanation on those files.  I'll ok leaving them since you know the dangers associated with them and accept using them anyway.
 

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Adobe\AIH.33bd48dea5a2a26dda6384599e120a937ba3d56f\GTB.exe
C:\Users\All Users\Adobe\AIH.33bd48dea5a2a26dda6384599e120a937ba3d56f\GTB.exe
C:\Users\Kingwolf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\38b23477-2416d897
C:\Users\Kingwolf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\38b23477-540d06e5
C:\Windows\SysWOW64\tasks.dll
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


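The ESET list in post #14 mixes detections that sit inside the AdwCleaner and FRST quarantine folders (copies those tools already moved aside) with files still at their original location, and lists one file twice through the `C:\Users\All Users` alias. The following is an added example, not part of the thread or of any tool mentioned in it, that parses lines in the pasted format and separates the two groups; `parse_line`, `canonical` and `triage` are hypothetical names, and the space-separated layout is assumed from the pasted list.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path name kind")

# <path> <detection name> [<category>]; the path may contain spaces, so the
# detection name (Platform/Family..., optionally "a variant of") is the anchor.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<name>(?:a variant of )?[A-Za-z0-9]+/\S+|multiple threats)"
    r"(?:\s+(?P<kind>potentially unwanted application|"
    r"potentially unsafe application|application|trojan))?$"
)

# Quarantine folders of the tools run earlier in this thread (as seen in the list).
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData.
ALIAS, TARGET = "c:\\users\\all users\\", "c:\\programdata\\"

# Lines copied from the list in post #14.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\ProgramData\{33f3b6dc-042b-7882-33f3-3b6dc042db70}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application
C:\FRST\Quarantine\C\Users\Kingwolf\AppData\Local\Temp\supoptsetup.exe.xBAD multiple threats
C:\ProgramData\Adobe\AIH.33bd48dea5a2a26dda6384599e120a937ba3d56f\GTB.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\All Users\Adobe\AIH.33bd48dea5a2a26dda6384599e120a937ba3d56f\GTB.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Kingwolf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\38b23477-2416d897 a variant of Java/Exploit.CVE-2013-2460.EV trojan
D:\LANNNNN\left4dead2\Left4Dead2\Left 4 Dead 2.exe a variant of Win32/Injector.Autoit.BXR trojan
"""


def parse_line(line):
    """Split one exported line into (path, name, kind); None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return Detection(m["path"], m["name"], m["kind"]) if m else None


def canonical(path):
    """Lower-case the path and fold the All Users alias so duplicates compare equal."""
    p = path.lower()
    return TARGET + p[len(ALIAS):] if p.startswith(ALIAS) else p


def triage(lines):
    """Return (quarantined, live, unparsed); live is de-duplicated by canonical path."""
    quarantined, live, unparsed = [], {}, []
    for line in lines:
        if not line.strip():
            continue
        det = parse_line(line)
        if det is None:
            unparsed.append(line)  # keep for manual review instead of dropping
        elif canonical(det.path).startswith(QUARANTINE_PREFIXES):
            quarantined.append(det)
        else:
            live.setdefault(canonical(det.path), det)
    return quarantined, list(live.values()), unparsed


if __name__ == "__main__":
    quarantined, live, unparsed = triage(SAMPLE.splitlines())
    for det in live:
        print("LIVE", det.kind or "-", det.name, det.path, sep=" | ")
    print(len(quarantined), "already in quarantine,", len(unparsed), "unparsed")
```

Which of the live entries to remove remains a per-machine decision, as the exchange about the Left 4 Dead 2 and auto-clicker files shows.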




