Benutzerkontensteuerung Deaktiviert

Franky10 · 18.11.2014, 10:31

Hallo,

ich habe verschiedene Probleme mit meinem PC.
Die Probleme sind das bei meinem PC die Benutzerkontensteuerung immer deaktiviert ist, ebenfalls ist Automatische Windows Updates deaktiviert, im Prozess Fenster des Task-Managers fehlt die Spalte Abbildname und das Windows Security Center ist auch deaktiviert.
Mithilfe des Programmes Trojan Remover habe ich heraus gefunden das die Datei C:\Windows\System32\rpcss.dll womöglich beschädigt ist.

schrauber · 18.11.2014, 10:38

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Franky10 · 18.11.2014, 10:52

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Privat (administrator) on PRIVAT-PC on 18-11-2014 10:48:18
Running from C:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1QYTE8H
Loaded Profile: Privat (Available profiles: Privat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrojanScanner] => C:\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKLM-x32\...\RunOnce: [Trojan Remover] => C:\Trojan Remover\RMVTRJAN.EXE [5468008 2014-05-22] (Simply Super Software)
HKLM\...\Policies\Explorer\Run: [2886755069] => C:\ProgramData\msrmfn.exe [119296 2014-11-13] ( (CrystalIDEA Software))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\MountPoints2: {8bb6fd8c-b169-11e2-aed8-00016c6e4c57} - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x061DAC5E614FCE01
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000 -> DefaultScope {30239514-A9AC-4AAC-A350-5480C44E8EDA} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE585D20140801&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000 -> {30239514-A9AC-4AAC-A350-5480C44E8EDA} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE585D20140801&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE585&p=
FF NetworkProxy: "backup.ftp", "37.187.85.128"
FF NetworkProxy: "backup.ftp_port", 8081
FF NetworkProxy: "backup.socks", "37.187.85.128"
FF NetworkProxy: "backup.socks_port", 8081
FF NetworkProxy: "backup.ssl", "37.187.85.128"
FF NetworkProxy: "backup.ssl_port", 8081
FF NetworkProxy: "ftp", "37.187.85.128"
FF NetworkProxy: "ftp_port", 8081
FF NetworkProxy: "http", "37.187.85.128"
FF NetworkProxy: "http_port", 8081
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "37.187.85.128"
FF NetworkProxy: "socks_port", 8081
FF NetworkProxy: "ssl", "37.187.85.128"
FF NetworkProxy: "ssl_port", 8081
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Privat\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Privat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: ubisoft.com/uplaypc -> C:\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: FoxyProxy Standard - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\foxyproxy@eric.h.jung [2014-09-06]
FF Extension: ProxTube - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Adblock Plus - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-02-21]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; C:\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 IconMan_R; C:\Program Files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-10-11] (TuneUp Software)
S4 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-28] (WeGame.com, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-16] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-26] (Disc Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-16] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2013-07-21] (microOLAP Technologies LTD)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 10:48 - 2014-11-18 10:48 - 02117120 _____ (Farbar) C:\Users\Privat\Downloads\FRST64.exe
2014-11-18 10:48 - 2014-11-18 10:48 - 00000000 ____D () C:\FRST
2014-11-18 10:11 - 2014-11-18 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-18 10:01 - 2014-11-18 10:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-18 10:01 - 2014-11-18 10:01 - 00000738 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-11-18 10:01 - 2014-11-18 10:01 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-18 10:00 - 2014-11-18 10:01 - 21657592 _____ (Simply Super Software ) C:\Users\Privat\Downloads\trjsetup.exe
2014-11-18 09:59 - 2014-11-18 09:59 - 00000000 ____D () C:\Users\Privat\Documents\Simply Super Software
2014-11-18 09:58 - 2014-11-18 10:01 - 00000000 ____D () C:\Trojan Remover
2014-11-18 09:58 - 2014-11-18 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-11-18 09:58 - 2014-11-18 09:58 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-11-17 09:46 - 2014-11-17 09:46 - 00000000 __SHD () C:\Users\Privat\AppData\Local\EmieBrowserModeList
2014-11-13 18:34 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:34 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:34 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:34 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:34 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:34 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:34 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:34 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:34 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:34 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:34 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:34 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:34 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:34 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:34 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:34 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:34 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:34 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:34 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:34 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:34 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 18:34 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:34 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 18:34 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:34 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 18:34 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:34 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:34 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:34 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:34 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:34 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 18:34 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:34 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 18:34 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 18:34 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:34 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:34 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 18:34 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:34 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:34 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:34 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:34 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:34 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:34 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:34 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:34 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:34 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:34 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:34 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 18:34 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:34 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:34 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:34 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:34 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:34 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:34 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 18:34 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:34 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:34 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:34 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:34 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:34 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:34 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:34 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:34 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 18:34 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 18:34 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:34 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:31 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 18:31 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:31 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:31 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:31 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 18:31 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:31 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 18:30 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 18:29 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:29 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:29 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:29 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:29 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:29 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:29 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:01 - 2014-11-11 22:01 - 01279428 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel.CT
2014-11-11 15:03 - 2014-11-11 15:44 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11936.755
2014-11-11 15:03 - 2014-11-11 15:03 - 13162501 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11936.755.zip
2014-11-10 20:08 - 2014-11-10 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 19:26 - 2014-11-13 18:10 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Qytir
2014-11-06 19:26 - 2014-11-13 11:14 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Xunoo
2014-11-05 20:26 - 2014-11-06 07:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Udabc
2014-11-05 20:26 - 2014-11-05 20:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Zyzoki
2014-11-05 18:59 - 2014-11-05 18:59 - 01055936 _____ (Adobe) C:\Users\Privat\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe
2014-11-05 15:22 - 2014-11-05 15:22 - 00682488 _____ () C:\Users\Privat\Downloads\SC2_v2.1.6.32540 All.CT
2014-11-05 07:37 - 2014-11-05 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-05 07:37 - 2014-11-05 07:37 - 00000000 ____D () C:\LogMeIn Hamachi
2014-11-03 00:13 - 2014-11-03 00:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Savant_Ascent
2014-11-01 15:33 - 2014-11-01 15:33 - 01013777 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel(1).CT
2014-10-30 17:32 - 2014-10-30 17:33 - 06180521 _____ () C:\Users\Privat\Downloads\buddy-profiles.honorbuddy.rar
2014-10-30 17:15 - 2014-10-30 17:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Bossland
2014-10-30 17:06 - 2014-11-11 15:04 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11875.753
2014-10-30 17:01 - 2014-10-30 17:02 - 13360657 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11875.753.zip
2014-10-29 17:43 - 2014-10-29 17:44 - 00000000 ____D () C:\Users\Privat\Documents\Heroes of the Storm
2014-10-29 15:34 - 2014-10-29 15:34 - 00000688 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-10-28 16:30 - 2014-10-28 16:30 - 00002060 _____ () C:\Users\Privat\Downloads\moneytype.lua
2014-10-28 16:14 - 2014-10-28 16:14 - 00150719 _____ () C:\Users\Privat\Downloads\Shinkansen Sid Meier's Civilization Beyond Earth V1004.CT
2014-10-28 16:08 - 2014-10-28 16:08 - 00052450 _____ () C:\Users\Privat\Downloads\Shinkansen Sid Meier's Civilization Beyond Earth V1000.CT
2014-10-28 13:08 - 2014-10-28 13:08 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11837.752
2014-10-28 13:07 - 2014-10-28 13:07 - 13180572 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11837.752.zip
2014-10-28 13:05 - 2014-11-11 15:08 - 00000000 ____D () C:\Users\Privat\Downloads\Cd teil
2014-10-28 13:05 - 2014-10-28 13:05 - 00237261 _____ () C:\Users\Privat\Downloads\CDPatcher.zip
2014-10-28 12:55 - 2014-10-28 12:55 - 00005444 _____ () C:\Users\Privat\Downloads\relink.us__sidmecivi.iso_11f422c9c7b724e5e2bfe1c6ff3466.dlc
2014-10-28 12:18 - 2014-10-28 12:18 - 00000549 _____ () C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth.lnk
2014-10-28 12:18 - 2014-10-28 12:18 - 00000549 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization Beyond Earth.lnk
2014-10-22 10:39 - 2014-10-22 10:39 - 00000000 ____D () C:\Users\Privat\Downloads\saveedit_r7
2014-10-22 10:36 - 2014-10-22 10:37 - 01219525 _____ () C:\Users\Privat\Downloads\saveedit_r7.zip
2014-10-20 10:01 - 2014-10-20 10:00 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 10:00 - 2014-10-20 10:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 10:00 - 2014-10-20 10:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 10:00 - 2014-10-20 10:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 10:00 - 2014-10-20 10:00 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 10:49 - 2014-06-15 12:24 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-11-18 10:47 - 2013-10-04 19:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2014-11-18 10:45 - 2013-02-20 17:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 10:36 - 2013-05-01 12:25 - 00000063 _____ () C:\Windows\SIERRA.INI
2014-11-18 10:34 - 2013-04-15 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-11-18 10:34 - 2013-02-21 15:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2014-11-18 10:33 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 10:32 - 2013-02-21 15:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 10:29 - 2014-06-27 07:58 - 00000000 ____D () C:\Creeper World 3
2014-11-18 10:20 - 2013-02-20 17:01 - 01755385 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 10:14 - 2009-07-14 05:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 10:14 - 2009-07-14 05:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 10:07 - 2013-12-13 17:06 - 00000000 ____D () C:\Users\Privat\AppData\Local\LogMeIn Hamachi
2014-11-18 10:07 - 2013-03-15 23:49 - 00000000 ____D () C:\Users\Privat\AppData\Local\TSVNCache
2014-11-18 10:07 - 2013-02-21 17:31 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2014-11-18 10:06 - 2014-10-09 05:07 - 00013664 _____ () C:\Windows\setupact.log
2014-11-18 10:06 - 2013-02-20 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-18 10:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-18 10:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 02:53 - 2014-05-06 22:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-16 12:28 - 2014-06-02 12:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-15 12:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 11:30 - 2014-10-09 05:06 - 00295360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 11:28 - 2014-10-12 00:02 - 00029462 _____ () C:\Windows\PFRO.log
2014-11-15 11:27 - 2013-08-06 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 11:27 - 2013-02-20 18:21 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 07:09 - 2011-04-12 08:43 - 00700500 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 07:09 - 2011-04-12 08:43 - 00150138 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 07:09 - 2009-07-14 06:13 - 01624234 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 22:01 - 2013-10-09 21:12 - 00119296 ____H (CrystalIDEA Software) C:\ProgramData\msrmfn.exe
2014-11-13 18:14 - 2013-02-21 15:25 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-12 22:01 - 2013-03-16 19:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-12 20:32 - 2013-02-21 15:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 20:32 - 2013-02-21 15:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 20:32 - 2013-02-21 15:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 08:24 - 2014-09-02 20:11 - 00000219 _____ () C:\Users\Privat\Desktop\Diablo 3 Bot key.txt
2014-11-11 10:30 - 2013-02-21 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 19:23 - 2013-02-21 15:25 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-05 14:53 - 2013-02-25 11:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\uTorrent
2014-11-04 13:39 - 2013-03-10 00:10 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\.minecraft
2014-10-29 19:55 - 2013-10-28 11:52 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-29 17:43 - 2013-02-21 15:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-28 12:28 - 2014-04-13 13:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2014-10-28 12:28 - 2013-03-18 16:18 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2014-10-28 11:40 - 2014-06-02 13:31 - 00000000 ____D () C:\Users\Privat\Downloads\SpeedAutoClicker
2014-10-26 10:15 - 2014-08-28 11:38 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-10-24 11:23 - 2014-10-15 14:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-20 10:02 - 2014-08-26 11:48 - 00000000 ____D () C:\ProgramData\Oracle

Files to move or delete:
====================
C:\ProgramData\msrmfn.exe


Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\Temp\tmp4C2E.dll
C:\Users\Privat\AppData\Local\Temp\tmp9E5.dll
C:\Users\Privat\AppData\Local\Temp\tmpCD0F.dll
C:\Users\Privat\AppData\Local\Temp\Uninstall.exe
C:\Users\Privat\AppData\Local\Temp\_is9F89.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 12:47

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Privat at 2014-11-18 10:49:46
Running from C:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1QYTE8H
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Remember Me»  1.0.2056.0 (HKLM-x32\...\Remember Me_is1) (Version: 1.0.2056.0 - CAPCOM)
µTorrent (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
AC3-Deu-x64 1.00 (HKLM-x32\...\AC3-Deu-x64 1.00) (Version: 1.00 - Hexa-keys.de)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Armies of Exigo (HKLM-x32\...\Armies of Exigo_is1) (Version:  - )
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Cave Story (HKLM-x32\...\Cave Story) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chantelise (HKLM-x32\...\Steam App 70420) (Version:  - EasyGameStation)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Craft The World (HKLM-x32\...\Steam App 248390) (Version:  - )
Curse Client (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Darkspore™ (HKLM-x32\...\{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}) (Version: 1.00.0000 - Electronic Arts)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
Dominions 4 - Thrones of Ascension (HKLM-x32\...\Dominions 4 - Thrones of Ascension1.1) (Version: 1.1 - Foxy Games)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)
Electronic Super Joy: Groove City (HKLM-x32\...\Steam App 301460) (Version:  - Michael Todd Games)
eMule (HKLM-x32\...\eMule) (Version:  - )
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fortune Summoners: Secret of the Elemental Stone (HKLM-x32\...\Steam App 203510) (Version:  - Lizsoft)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Screen Video Recorder version 2.5.31.1022 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.31.1022 - DVDVideoSoft Ltd.)
GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
Goat Simulator 1.0.27849 (HKLM-x32\...\Goat Simulator 1.0.27849) (Version: 1.0.27849 - Goat Simulator. Full Game)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate (HKLM-x32\...\{65DF3688-6EF3-4C86-83DE-54AB46029F07}) (Version: 2.0.0.3 - Hanbit Soft)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Honorbuddy (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\{c5d18628-1abd-4da7-a0cd-108ba608da79}) (Version: 2.5.10945.744 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.10945.744 - Bossland GmbH) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Kohan II Kings of War (HKLM-x32\...\InstallShield_{F96A02BA-8F24-44D4-AC69-EE4CAD772290}) (Version: 0.2.0.0 - TimeGate Studios)
Kohan II Kings of War (x32 Version: 0.2.0.0 - TimeGate Studios) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magic Workstation 0.94f (HKLM-x32\...\Magic Workstation_is1) (Version:  - Magic Technology)
Mass Effect 2 (HKLM-x32\...\{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1) (Version:  - )
Mass Effect 3 (c) Bioware version 1 (HKLM-x32\...\TWFzcyBFZmZlY3QgMyAoYykgQmlvd2FyZQ==_is1) (Version: 1 - )
Mass Effect 3 Firefight DLC 1.00 (HKLM-x32\...\Mass Effect 3 Firefight DLC 1.00) (Version:  - )
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.153 - McAfee, Inc.)
MegaTrainer eXperience V1.2.5.6 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Miku Dark Vocaloid3 Library (HKLM-x32\...\Miku Dark Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Miku Soft Vocaloid3 Library (HKLM-x32\...\Miku Soft Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
ParaWorld (HKLM-x32\...\{EAA01BA0-6991-4296-A404-4FFF2DAC2225}) (Version: 1.00 - Sunflowers)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PlagueInc 1.0 (HKLM-x32\...\PlagueInc 1.0) (Version: 1.0 - Cat-A-Cat)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.2-1.0.6555.3 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Red Faction Guerrilla (HKLM-x32\...\InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}) (Version: 1.00.0000 - Volition Inc.)
Red Faction Guerrilla (x32 Version: 1.00.0000 - Volition Inc.) Hidden
Reus (HKLM-x32\...\GOGPACKREUS_is1) (Version: 2.0.0.10 - GOG.com)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Samsung CLP-360 Series (HKLM-x32\...\Samsung CLP-360 Series) (Version: 1.07 (25.02.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.70.02(21.09.2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version:  - DPad Studios)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.17 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Sins of a Solar Empire Rebellion (c) Stardock version 1 (HKLM-x32\...\Sins of a Solar Empire Rebellion (c) Stardock_is1) (Version: 1 - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Space Run (HKLM-x32\...\Steam App 275670) (Version:  - Passtech Games)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
SPORE™ Galaktische Abenteuer (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Star Trek Armada II (HKLM-x32\...\Star Trek Armada II) (Version:  - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars JK II Jedi Outcast (HKLM-x32\...\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Tropico 4 1.00 (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Tropico 4) (Version: 1.00 - Kalypso Media)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.122 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Vocaloid3 Free Edition v3.0.5.0 (HKLM-x32\...\Vocaloid3 Free Edition v3.0.5.0_is1) (Version: Vocaloid3 Free Edition v3.0.5.0 - )
VVVVVV (Window v1.0) (HKLM-x32\...\{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1) (Version:  - Terry Cavanagh)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WeGame Client 2.4.3.0 (HKLM-x32\...\12345_is1) (Version: 2.4.3.0 - WeGame.com, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XLink Kai (HKLM-x32\...\{68698000-12EF-4B09-8A80-1C44BE7FF76B}) (Version: 7.4.26.0 - Team XLink)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{0c648402-45fe-4fd4-af02-244c74687711}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{0d59693a-5e3e-413a-90ab-7a7af12c988e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{1434a289-0e6d-4f32-9374-96d593732bb9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2549cc27-4bcb-4f26-9e29-b2acfbf22ecf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2cd4e7ef-3985-4b7d-bf9b-9f5698f058ae}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2f7a7067-3c0c-4126-9d45-6f3119a22f22}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{3794ecb7-d216-435c-b437-0578bb1373e4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{39a79074-1e2f-4b17-be08-a23c0d6fc2ff}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{3fc73614-c9f4-4a88-8bb7-36e8c2680364}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{4968d3ac-79e0-4c40-901a-bf7f1d7d714f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5052c3ca-b29a-4d5f-8765-c670bc6282ad}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{521215e6-cafb-4139-a411-781ffc69ec5c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{58ce203d-18ac-411a-82e3-b0a4ed5c7c8b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5956bc0f-b5e8-4e10-84bc-50beb2f58207}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{59bbcca9-cda2-4958-ae5e-659a55b0014a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5d278f15-30f1-483f-8eb7-7b115f73e647}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5d4eca92-7634-4ada-8803-81fb5480f9bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5fc89f7a-a180-4d5a-a0f8-1d05fc56d1a7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6270117a-25fb-4e5d-ac22-40f6ac2e89e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{66dd8465-7ed7-45dd-aaab-81893ee157af}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6d5f192d-ce46-4778-a172-33d0ae5dd49d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6e4e9bda-a06e-4382-ab86-4f5ef064b45e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{71a1962a-ee7b-45a4-beb1-0d23380a9e0e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7933c0a8-a94b-4584-90ee-e21de76b6921}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7f4a8ee4-8991-41cf-8eae-18e70f279d6e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7f753600-fe57-40b4-a896-3e2841534682}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{8770452f-0c1d-444a-9474-29e23ecac5c0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{89e1710d-e2b4-447d-aa2c-a085d988c074}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{91ae327d-1f5d-433f-a179-5440e5c7c126}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{997c8920-fd54-4cbd-a9dc-35f02e49091d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{9fb4dedd-6285-4e33-a4ec-c018ca889e73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{a89b61fa-5676-4f81-989d-d19ad0e5d8af}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ae1d19e7-0ce8-4a38-a51c-b6c203909bf5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{b07d9d29-3804-4423-885e-7587b5dc2790}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{b8412bfb-eb4b-43aa-b9b4-ce3e19b19baf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ba5c303c-ab4b-48ed-93e0-d28613e2c698}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{bb1257c4-2310-4bb7-91b7-832e98755ea2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c4c7bb01-4688-4085-904a-c40197666f4f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c6771431-c5e5-433a-9f76-3fe56f1c99bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c6b85316-d475-45b9-9afc-4c21c7ade0fc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{cc75ed99-f5a6-4d54-b0d2-471120910431}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ce136395-51a2-4623-b80e-fbca55b895b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{cef39d29-8d62-4bd5-a684-e5eee3965400}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{d3a35810-766a-4449-b274-5d05df60fe0b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{dfb6d729-4e4e-4f05-8fb7-aa6df6200490}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{fa9c0b42-bc83-44c5-958f-6aeebebf13e4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{fba062fa-ad1c-4cc8-ad3a-a892dd2350db}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-11-2014 09:30:23 Configured DawnOfWar
18-11-2014 09:31:35 Removed Dawn Of War - Winter Assault
18-11-2014 09:33:30 Removed Dawn of War - Soulstorm
18-11-2014 09:34:34 Removed Dawn of War - Dark Crusade
18-11-2014 09:35:28 Removed Empire Earth - The Art of Conquest
18-11-2014 09:36:13 Removed Empire Earth
18-11-2014 09:44:22 Entfernt I Am Alive
18-11-2014 09:46:07 Removed LOST PLANET COLONIES.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B96E333-4B53-4646-BFD8-DEBF5A3E5316} - System32\Tasks\{74CBD05A-2D9C-4AC7-A526-170533981E12} => D:\Chrome SpecForce\SpecForce.exe
Task: {1F6C01A4-CD94-4834-A9CD-B772E3F72E18} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-10-11] (TuneUp Software)
Task: {3BF549C7-659F-4C31-96E3-EAF4F2A26866} - System32\Tasks\{327509F3-8BA3-4E7E-9A21-B1B328C2E194} => C:\Creeper World 3 Arc Eternal\CW3.exe
Task: {962BF8C8-6C14-4F95-AE38-CF73CFFFF50D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {9EB7E2F1-A976-41D4-A3E3-49B3DDD28AF7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {B64C2150-82D2-4C98-83B7-469CB12FEFF9} - System32\Tasks\{AB82291C-06B1-4FFF-B661-D67F1257B6CA} => D:\Turok 2008\Binaries\TurokGame.exe
Task: {C88FC024-8E77-4FA7-81EA-59FF916653F2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {CC78BBCB-35A4-45FE-8051-8ACCDA93580A} - System32\Tasks\{87939DD5-0693-4AFF-A360-B9BC08DF4B51} => D:\Chrome SpecForce\SpecForce.exe
Task: {FC03E965-4CD7-44EA-9115-495AC5450AAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-20 17:30 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-10 12:00 - 2012-01-09 12:38 - 00034304 _____ () C:\Windows\System32\sst6clm.dll
2013-07-21 21:39 - 2014-02-10 13:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-11 14:02 - 2013-10-11 14:02 - 00753464 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2012-12-12 21:37 - 2012-12-12 21:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-12 23:36 - 2013-12-12 23:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libcef.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libGLESv2.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\platforms\qwindows.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libEGL.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qgif.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qico.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qjpeg.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qmng.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qtiff.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQuick.2\qtquick2plugin.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-10-24 11:23 - 2014-10-24 11:23 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQml\Models.2\modelsplugin.dll
2014-11-12 20:32 - 2014-11-12 20:32 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00117704 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-10 11:46 - 2014-08-07 09:08 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-11-10 20:08 - 2014-11-10 20:08 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

========================= Accounts: ==========================

Administrator (S-1-5-21-3639632852-3389204036-3798740433-500 - Administrator - Disabled)
Gast (S-1-5-21-3639632852-3389204036-3798740433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3639632852-3389204036-3798740433-1003 - Limited - Enabled)
Privat (S-1-5-21-3639632852-3389204036-3798740433-1000 - Administrator - Enabled) => C:\Users\Privat

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 10:08:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:06:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/18/2014 09:55:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 09:54:34 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/17/2014 03:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: integrator.exe, Version: 13.0.4000.122, Zeitstempel: 0x5257f5ef
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x4d0
Startzeit der fehlerhaften Anwendung: 0xintegrator.exe0
Pfad der fehlerhaften Anwendung: integrator.exe1
Pfad des fehlerhaften Moduls: integrator.exe2
Berichtskennung: integrator.exe3

Error: (11/17/2014 02:38:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 02:36:41 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/17/2014 09:45:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1298
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/17/2014 07:11:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 07:10:22 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (11/18/2014 10:11:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist vom Dienst "Windows-Firewall" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/18/2014 10:07:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/18/2014 10:06:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01a

Error: (11/18/2014 10:06:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (11/18/2014 10:06:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist vom Dienst "Windows-Firewall" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/18/2014 10:06:28 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.

Error: (11/18/2014 10:05:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/18/2014 09:58:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist vom Dienst "Windows-Firewall" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/18/2014 09:55:59 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/18/2014 09:54:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01a


Microsoft Office Sessions:
=========================
Error: (11/18/2014 10:08:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:06:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/18/2014 09:55:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 09:54:34 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/17/2014 03:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: integrator.exe13.0.4000.1225257f5efKERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d4d001d002740269e12dC:\Program Files (x86)\TuneUp Utilities 2013\integrator.exeC:\Windows\syswow64\KERNELBASE.dll8479968f-6e67-11e4-9a26-00016c6e4c57

Error: (11/17/2014 02:38:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 02:36:41 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/17/2014 09:45:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425129801d0022d90c8ecacC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1a088b3e-6e36-11e4-9e8a-00016c6e4c57

Error: (11/17/2014 07:11:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 07:10:22 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 71%
Total physical RAM: 4087.08 MB
Available physical RAM: 1169.95 MB
Total Pagefile: 8172.34 MB
Available Pagefile: 4809.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:8.3 GB) NTFS
Drive d: () (Fixed) (Total:278.32 GB) (Free:55.63 GB) NTFS
Drive e: () (Fixed) (Total:506.71 GB) (Free:110.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 79A3541B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=278.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=506.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 18.11.2014, 20:15

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Franky10 · 19.11.2014, 12:12

Code:

ATTFilter

12:08:15.0304 0x0d2c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:08:19.0001 0x0d2c  ============================================================
12:08:19.0001 0x0d2c  Current date / time: 2014/11/19 12:08:19.0001
12:08:19.0001 0x0d2c  SystemInfo:
12:08:19.0001 0x0d2c  
12:08:19.0001 0x0d2c  OS Version: 6.1.7601 ServicePack: 1.0
12:08:19.0001 0x0d2c  Product type: Workstation
12:08:19.0001 0x0d2c  ComputerName: PRIVAT-PC
12:08:19.0001 0x0d2c  UserName: Privat
12:08:19.0001 0x0d2c  Windows directory: C:\Windows
12:08:19.0001 0x0d2c  System windows directory: C:\Windows
12:08:19.0001 0x0d2c  Running under WOW64
12:08:19.0001 0x0d2c  Processor architecture: Intel x64
12:08:19.0001 0x0d2c  Number of processors: 4
12:08:19.0001 0x0d2c  Page size: 0x1000
12:08:19.0001 0x0d2c  Boot type: Normal boot
12:08:19.0001 0x0d2c  ============================================================
12:08:22.0309 0x0d2c  KLMD registered as C:\Windows\system32\drivers\79655317.sys
12:08:22.0449 0x0d2c  System UUID: {FB2A37F4-77CE-C35E-E13E-C491676505C8}
12:08:22.0855 0x0d2c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:08:22.0855 0x0d2c  ============================================================
12:08:22.0855 0x0d2c  \Device\Harddisk0\DR0:
12:08:22.0855 0x0d2c  MBR partitions:
12:08:22.0855 0x0d2c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:08:22.0855 0x0d2c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5800
12:08:22.0855 0x0d2c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x22CA4000
12:08:22.0855 0x0d2c  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3519C000, BlocksNum 0x3F56A000
12:08:22.0855 0x0d2c  ============================================================
12:08:22.0870 0x0d2c  C: <-> \Device\Harddisk0\DR0\Partition2
12:08:22.0901 0x0d2c  D: <-> \Device\Harddisk0\DR0\Partition3
12:08:23.0011 0x0d2c  E: <-> \Device\Harddisk0\DR0\Partition4
12:08:23.0011 0x0d2c  ============================================================
12:08:23.0011 0x0d2c  Initialize success
12:08:23.0011 0x0d2c  ============================================================
12:09:01.0786 0x0e2c  ============================================================
12:09:01.0786 0x0e2c  Scan started
12:09:01.0786 0x0e2c  Mode: Manual; SigCheck; TDLFS; 
12:09:01.0786 0x0e2c  ============================================================
12:09:01.0786 0x0e2c  KSN ping started
12:09:26.0512 0x0e2c  KSN ping finished: true
12:09:29.0258 0x0e2c  ================ Scan system memory ========================
12:09:29.0258 0x0e2c  System memory - ok
12:09:29.0258 0x0e2c  ================ Scan services =============================
12:09:29.0351 0x0e2c  0163371416395149mcinstcleanup - ok
12:09:29.0570 0x0e2c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:09:29.0648 0x0e2c  1394ohci - ok
12:09:29.0695 0x0e2c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:09:29.0710 0x0e2c  ACPI - ok
12:09:29.0757 0x0e2c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:09:29.0882 0x0e2c  AcpiPmi - ok
12:09:29.0975 0x0e2c  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
12:09:30.0007 0x0e2c  acsock - ok
12:09:30.0053 0x0e2c  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:09:30.0069 0x0e2c  AdobeARMservice - ok
12:09:30.0163 0x0e2c  [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:09:30.0178 0x0e2c  AdobeFlashPlayerUpdateSvc - ok
12:09:30.0209 0x0e2c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:09:30.0225 0x0e2c  adp94xx - ok
12:09:30.0272 0x0e2c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:09:30.0287 0x0e2c  adpahci - ok
12:09:30.0319 0x0e2c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:09:30.0334 0x0e2c  adpu320 - ok
12:09:30.0365 0x0e2c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:09:30.0397 0x0e2c  AeLookupSvc - ok
12:09:30.0443 0x0e2c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:09:30.0490 0x0e2c  AFD - ok
12:09:30.0506 0x0e2c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:09:30.0537 0x0e2c  agp440 - ok
12:09:30.0553 0x0e2c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:09:30.0568 0x0e2c  ALG - ok
12:09:30.0599 0x0e2c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:09:30.0615 0x0e2c  aliide - ok
12:09:30.0631 0x0e2c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:09:30.0631 0x0e2c  amdide - ok
12:09:30.0646 0x0e2c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:09:30.0662 0x0e2c  AmdK8 - ok
12:09:30.0677 0x0e2c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:09:30.0693 0x0e2c  AmdPPM - ok
12:09:30.0740 0x0e2c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:09:30.0740 0x0e2c  amdsata - ok
12:09:30.0771 0x0e2c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:09:30.0787 0x0e2c  amdsbs - ok
12:09:30.0802 0x0e2c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:09:30.0802 0x0e2c  amdxata - ok
12:09:30.0833 0x0e2c  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
12:09:30.0880 0x0e2c  AppID - ok
12:09:30.0880 0x0e2c  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:09:30.0896 0x0e2c  AppIDSvc - ok
12:09:30.0911 0x0e2c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:09:30.0927 0x0e2c  Appinfo - ok
12:09:30.0943 0x0e2c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:09:30.0958 0x0e2c  arc - ok
12:09:30.0958 0x0e2c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:09:30.0974 0x0e2c  arcsas - ok
12:09:31.0036 0x0e2c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:09:31.0083 0x0e2c  aspnet_state - ok
12:09:31.0099 0x0e2c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:09:31.0145 0x0e2c  AsyncMac - ok
12:09:31.0177 0x0e2c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:09:31.0177 0x0e2c  atapi - ok
12:09:31.0379 0x0e2c  [ 64F07381335E37C142F6D176705FFCA6, 8F7F633B891FE653D3298578897711A04E7B2B08E51CEE131C50102EFD45AC0E ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
12:09:31.0395 0x0e2c  atksgt - ok
12:09:31.0457 0x0e2c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:09:31.0520 0x0e2c  AudioEndpointBuilder - ok
12:09:31.0535 0x0e2c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:09:31.0567 0x0e2c  AudioSrv - ok
12:09:31.0598 0x0e2c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:09:31.0629 0x0e2c  AxInstSV - ok
12:09:31.0676 0x0e2c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:09:31.0707 0x0e2c  b06bdrv - ok
12:09:31.0738 0x0e2c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:09:31.0754 0x0e2c  b57nd60a - ok
12:09:31.0785 0x0e2c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:09:31.0816 0x0e2c  BDESVC - ok
12:09:31.0816 0x0e2c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:09:31.0847 0x0e2c  Beep - ok
12:09:31.0894 0x0e2c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:09:31.0925 0x0e2c  BFE - ok
12:09:31.0957 0x0e2c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:09:32.0019 0x0e2c  BITS - ok
12:09:32.0035 0x0e2c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:09:32.0050 0x0e2c  blbdrive - ok
12:09:32.0066 0x0e2c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:09:32.0097 0x0e2c  bowser - ok
12:09:32.0113 0x0e2c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:09:32.0144 0x0e2c  BrFiltLo - ok
12:09:32.0191 0x0e2c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:09:32.0237 0x0e2c  BrFiltUp - ok
12:09:32.0269 0x0e2c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:09:32.0300 0x0e2c  Browser - ok
12:09:32.0315 0x0e2c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:09:32.0347 0x0e2c  Brserid - ok
12:09:32.0362 0x0e2c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:09:32.0393 0x0e2c  BrSerWdm - ok
12:09:32.0409 0x0e2c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:09:32.0425 0x0e2c  BrUsbMdm - ok
12:09:32.0440 0x0e2c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:09:32.0456 0x0e2c  BrUsbSer - ok
12:09:32.0503 0x0e2c  [ 832708C45519A22C1DCB79E821EE0FCB, 1D820E3E0FC010E84002EF8EC9EED90156BD05BD1277E28721C39814AC590A35 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
12:09:32.0518 0x0e2c  BstHdAndroidSvc - ok
12:09:32.0534 0x0e2c  [ 3DB06068F75B6D75EC16BC26FB585AA6, E272535749F7CF0F60F4085EEFB75B37ECDF866EF383DC52B15DAEE279DEAC9E ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
12:09:32.0549 0x0e2c  BstHdDrv - ok
12:09:32.0565 0x0e2c  [ 6BC612284E3B76FA4D964EB85E5D142D, 483E779DE5555DA0295B22E2A3F0FEFD075D5DA769CFF2F21CE7DD1A6D71BF80 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
12:09:32.0581 0x0e2c  BstHdLogRotatorSvc - ok
12:09:32.0612 0x0e2c  [ A1A665A58A95BD87208199A99686CC4E, 4FDC42ED67D49575C06235AA2A65260D886A058E205A574D85433BA8053F5CEF ] BstHdUpdaterSvc C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
12:09:32.0643 0x0e2c  BstHdUpdaterSvc - ok
12:09:32.0674 0x0e2c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:09:32.0690 0x0e2c  BTHMODEM - ok
12:09:32.0705 0x0e2c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:09:32.0737 0x0e2c  bthserv - ok
12:09:32.0768 0x0e2c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:09:32.0799 0x0e2c  cdfs - ok
12:09:32.0815 0x0e2c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:09:32.0846 0x0e2c  cdrom - ok
12:09:32.0924 0x0e2c  [ 535161133C9533C9A83B727B1E78BE44, CEDC6E8486E515D7A28EE396B90CD8D7B991D176E34B5DE81AA90D0CD018C8C3 ] CEDRIVER60      C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys
12:09:32.0939 0x0e2c  CEDRIVER60 - ok
12:09:32.0971 0x0e2c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:09:33.0017 0x0e2c  CertPropSvc - ok
12:09:33.0064 0x0e2c  [ 27468DB367ABCFE855796775DB949AC1, F2DFC8CFBFCDC94798A5ADAAC96001927F9CE316751D42651C3AF1E52F1DC7EF ] cfwids          C:\Windows\system32\drivers\cfwids.sys
12:09:33.0111 0x0e2c  cfwids - ok
12:09:33.0189 0x0e2c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:09:33.0267 0x0e2c  circlass - ok
12:09:33.0298 0x0e2c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:09:33.0361 0x0e2c  CLFS - ok
12:09:33.0548 0x0e2c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:09:33.0641 0x0e2c  clr_optimization_v2.0.50727_32 - ok
12:09:33.0751 0x0e2c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:09:33.0797 0x0e2c  clr_optimization_v2.0.50727_64 - ok
12:09:33.0938 0x1830  Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc
12:09:33.0969 0x0e2c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:09:34.0250 0x0e2c  clr_optimization_v4.0.30319_32 - ok
12:09:34.0328 0x0e2c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:09:34.0421 0x0e2c  clr_optimization_v4.0.30319_64 - ok
12:09:34.0468 0x0e2c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:09:34.0484 0x0e2c  CmBatt - ok
12:09:34.0499 0x0e2c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:09:34.0499 0x0e2c  cmdide - ok
12:09:34.0546 0x0e2c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:09:34.0562 0x0e2c  CNG - ok
12:09:34.0577 0x0e2c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:09:34.0593 0x0e2c  Compbatt - ok
12:09:34.0624 0x0e2c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:09:34.0640 0x0e2c  CompositeBus - ok
12:09:34.0655 0x0e2c  COMSysApp - ok
12:09:34.0671 0x0e2c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:09:34.0687 0x0e2c  crcdisk - ok
12:09:34.0718 0x0e2c  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:09:34.0749 0x0e2c  CryptSvc - ok
12:09:34.0780 0x0e2c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:09:34.0811 0x0e2c  DcomLaunch - ok
12:09:34.0827 0x0e2c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:09:34.0874 0x0e2c  defragsvc - ok
12:09:34.0905 0x0e2c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:09:34.0952 0x0e2c  DfsC - ok
12:09:34.0983 0x0e2c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:09:35.0014 0x0e2c  Dhcp - ok
12:09:35.0014 0x0e2c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:09:35.0045 0x0e2c  discache - ok
12:09:35.0061 0x0e2c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:09:35.0077 0x0e2c  Disk - ok
12:09:35.0092 0x0e2c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:09:35.0123 0x0e2c  Dnscache - ok
12:09:35.0139 0x0e2c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:09:35.0186 0x0e2c  dot3svc - ok
12:09:35.0201 0x0e2c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:09:35.0233 0x0e2c  DPS - ok
12:09:35.0264 0x0e2c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:09:35.0279 0x0e2c  drmkaud - ok
12:09:35.0311 0x0e2c  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:09:35.0326 0x0e2c  dtsoftbus01 - ok
12:09:35.0373 0x0e2c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:09:35.0404 0x0e2c  DXGKrnl - ok
12:09:35.0435 0x0e2c  [ 324FCD2DD8A4229DDEF3CC954FF12FA5, B5A5D8839846B31752C20819636940E85BCA0CE7110A83220676D9FB3C1B3EF0 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
12:09:35.0451 0x0e2c  e1kexpress - ok
12:09:35.0467 0x0e2c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:09:35.0513 0x0e2c  EapHost - ok
12:09:35.0591 0x0e2c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:09:35.0701 0x0e2c  ebdrv - ok
12:09:35.0716 0x0e2c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
12:09:35.0747 0x0e2c  EFS - ok
12:09:35.0825 0x0e2c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:09:35.0857 0x0e2c  ehRecvr - ok
12:09:35.0888 0x0e2c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:09:35.0903 0x0e2c  ehSched - ok
12:09:35.0935 0x0e2c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:09:35.0966 0x0e2c  elxstor - ok
12:09:35.0981 0x0e2c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:09:35.0981 0x0e2c  ErrDev - ok
12:09:36.0028 0x0e2c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:09:36.0059 0x0e2c  EventSystem - ok
12:09:36.0091 0x0e2c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:09:36.0122 0x0e2c  exfat - ok
12:09:36.0137 0x0e2c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:09:36.0184 0x0e2c  fastfat - ok
12:09:36.0215 0x0e2c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:09:36.0262 0x0e2c  Fax - ok
12:09:36.0293 0x0e2c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:09:36.0309 0x0e2c  fdc - ok
12:09:36.0325 0x0e2c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:09:36.0356 0x0e2c  fdPHost - ok
12:09:36.0356 0x0e2c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:09:36.0403 0x0e2c  FDResPub - ok
12:09:36.0403 0x0e2c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:09:36.0418 0x0e2c  FileInfo - ok
12:09:36.0434 0x0e2c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:09:36.0465 0x0e2c  Filetrace - ok
12:09:36.0481 0x0e2c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:09:36.0496 0x0e2c  flpydisk - ok
12:09:36.0512 0x0e2c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:09:36.0527 0x0e2c  FltMgr - ok
12:09:36.0574 0x0e2c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:09:36.0621 0x0e2c  FontCache - ok
12:09:36.0652 0x0e2c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:09:36.0668 0x0e2c  FontCache3.0.0.0 - ok
12:09:36.0683 0x0e2c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:09:36.0699 0x0e2c  FsDepends - ok
12:09:36.0715 0x0e2c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:09:36.0715 0x0e2c  Fs_Rec - ok
12:09:36.0730 0x1830  Object send P2P result: true
12:09:36.0730 0x0e2c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:09:36.0746 0x0e2c  fvevol - ok
12:09:36.0761 0x0e2c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:09:36.0777 0x0e2c  gagp30kx - ok
12:09:36.0808 0x0e2c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:09:36.0871 0x0e2c  gpsvc - ok
12:09:36.0886 0x0e2c  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
12:09:36.0902 0x0e2c  hamachi - ok
12:09:37.0027 0x0e2c  [ 72BE101788DD12A08ABF63AF801BE3B7, 9AFE6AB040C239E26B820520470DEDA449F47AAC70C295DC69F90BF8A2CBA69A ] Hamachi2Svc     C:\LogMeIn Hamachi\hamachi-2.exe
12:09:37.0073 0x0e2c  Hamachi2Svc - ok
12:09:37.0105 0x0e2c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:09:37.0136 0x0e2c  hcw85cir - ok
12:09:37.0183 0x0e2c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:09:37.0198 0x0e2c  HdAudAddService - ok
12:09:37.0214 0x0e2c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:09:37.0245 0x0e2c  HDAudBus - ok
12:09:37.0245 0x0e2c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:09:37.0261 0x0e2c  HidBatt - ok
12:09:37.0276 0x0e2c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:09:37.0292 0x0e2c  HidBth - ok
12:09:37.0307 0x0e2c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:09:37.0339 0x0e2c  HidIr - ok
12:09:37.0354 0x0e2c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:09:37.0385 0x0e2c  hidserv - ok
12:09:37.0401 0x0e2c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:09:37.0417 0x0e2c  HidUsb - ok
12:09:37.0463 0x0e2c  [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
12:09:37.0479 0x0e2c  HipShieldK - ok
12:09:37.0495 0x0e2c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:09:37.0526 0x0e2c  hkmsvc - ok
12:09:37.0541 0x0e2c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:09:37.0573 0x0e2c  HomeGroupListener - ok
12:09:37.0588 0x0e2c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:09:37.0619 0x0e2c  HomeGroupProvider - ok
12:09:37.0682 0x0e2c  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:09:37.0697 0x0e2c  HomeNetSvc - ok
12:09:37.0729 0x0e2c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:09:37.0744 0x0e2c  HpSAMD - ok
12:09:37.0775 0x0e2c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:09:37.0822 0x0e2c  HTTP - ok
12:09:37.0838 0x0e2c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:09:37.0853 0x0e2c  hwpolicy - ok
12:09:37.0869 0x0e2c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:09:37.0885 0x0e2c  i8042prt - ok
12:09:37.0900 0x0e2c  [ AE0C5DF7E7DA3E7AC29B64CFA8C4F044, 0486DDD6EC60A9695BC8D030158503E02BB0561EEA4B9F4A7FB19F89B3622C90 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
12:09:37.0916 0x0e2c  iaStorA - ok
12:09:37.0963 0x0e2c  [ 777788D9B63CCEEEF2DB353BA4EDD454, 36A3099C252F1F18D09A8B03A4F103E5E8AF09C80AB4F08133CCD4D3BB71EE25 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:09:37.0978 0x0e2c  IAStorDataMgrSvc - ok
12:09:37.0978 0x0e2c  [ 711241EA1BA9DB44F34D03D2AD00ED08, D23AA8D0495F2783E0395F0E1266A9781BED3FD0504712F9B9D30B88411514B5 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
12:09:37.0994 0x0e2c  iaStorF - ok
12:09:38.0009 0x0e2c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:09:38.0025 0x0e2c  iaStorV - ok
12:09:38.0134 0x0e2c  [ 829EA5ECCAA623279D94EAEE3B5AD140, 2D40536146203079BDD31B0A86E442CE896DAF08F8AC7ACF77E38BC85BB179A4 ] IconMan_R       C:\Program Files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe
12:09:38.0197 0x0e2c  IconMan_R - ok
12:09:38.0243 0x0e2c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:09:38.0275 0x0e2c  idsvc - ok
12:09:38.0399 0x0e2c  IEEtwCollectorService - ok
12:09:38.0493 0x0e2c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:09:38.0540 0x0e2c  iirsp - ok
12:09:38.0587 0x0e2c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:09:38.0618 0x0e2c  IKEEXT - ok
12:09:38.0727 0x0e2c  [ DBB365794DD346C9466F05C8D4CB3D25, 9976B2D049A0288CECF1644DA723ED3466EC127C8508CC3713D40DF828D0D7F0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:09:38.0805 0x0e2c  IntcAzAudAddService - ok
12:09:38.0852 0x0e2c  [ 7F8C8EBD02EBDF83C9E9E9F8BDB1F579, B527CF0BDF989F7555C41558B8A19050134CE48445D993D7A9230BD083F02040 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
12:09:38.0867 0x0e2c  Intel(R) PROSet Monitoring Service - ok
12:09:38.0883 0x0e2c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:09:38.0899 0x0e2c  intelide - ok
12:09:38.0914 0x0e2c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:09:38.0930 0x0e2c  intelppm - ok
12:09:38.0945 0x0e2c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:09:38.0977 0x0e2c  IPBusEnum - ok
12:09:39.0008 0x0e2c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:09:39.0055 0x0e2c  IpFilterDriver - ok
12:09:39.0086 0x0e2c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:09:39.0117 0x0e2c  iphlpsvc - ok
12:09:39.0133 0x0e2c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:09:39.0148 0x0e2c  IPMIDRV - ok
12:09:39.0164 0x0e2c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:09:39.0211 0x0e2c  IPNAT - ok
12:09:39.0226 0x0e2c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:09:39.0242 0x0e2c  IRENUM - ok
12:09:39.0257 0x0e2c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:09:39.0273 0x0e2c  isapnp - ok
12:09:39.0304 0x0e2c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:09:39.0320 0x0e2c  iScsiPrt - ok
12:09:39.0351 0x0e2c  [ 73A968D4A85BB2552DDCF72CB15F06D2, 9614AA873F761206D725327499C63A6D83FF4FF1740D046C483A2676E35A2280 ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
12:09:39.0367 0x0e2c  JRAID - ok
12:09:39.0382 0x0e2c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:09:39.0382 0x0e2c  kbdclass - ok
12:09:39.0398 0x0e2c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:09:39.0413 0x0e2c  kbdhid - ok
12:09:39.0429 0x0e2c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
12:09:39.0429 0x0e2c  KeyIso - ok
12:09:39.0445 0x0e2c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:09:39.0460 0x0e2c  KSecDD - ok
12:09:39.0491 0x0e2c  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:09:39.0507 0x0e2c  KSecPkg - ok
12:09:39.0523 0x0e2c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:09:39.0554 0x0e2c  ksthunk - ok
12:09:39.0601 0x0e2c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:09:39.0663 0x0e2c  KtmRm - ok
12:09:39.0803 0x0e2c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:09:39.0881 0x0e2c  LanmanServer - ok
12:09:39.0928 0x0e2c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:09:39.0959 0x0e2c  LanmanWorkstation - ok
12:09:39.0975 0x0e2c  [ 83BA097ACAAD0B00505634A62D90F93A, 6F1FE2F413A4A939D2D921F537EBB9330E2A65A7C38BD380CF9405792FD03052 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
12:09:39.0991 0x0e2c  lirsgt - ok
12:09:40.0022 0x0e2c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:09:40.0053 0x0e2c  lltdio - ok
12:09:40.0084 0x0e2c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:09:40.0131 0x0e2c  lltdsvc - ok
12:09:40.0131 0x0e2c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:09:40.0162 0x0e2c  lmhosts - ok
12:09:40.0178 0x0e2c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:09:40.0193 0x0e2c  LSI_FC - ok
12:09:40.0225 0x0e2c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:09:40.0240 0x0e2c  LSI_SAS - ok
12:09:40.0256 0x0e2c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:09:40.0271 0x0e2c  LSI_SAS2 - ok
12:09:40.0287 0x0e2c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:09:40.0303 0x0e2c  LSI_SCSI - ok
12:09:40.0318 0x0e2c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:09:40.0349 0x0e2c  luafv - ok
12:09:40.0381 0x0e2c  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:09:40.0396 0x0e2c  McAfee SiteAdvisor Service - ok
12:09:40.0427 0x0e2c  [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
12:09:40.0427 0x0e2c  McAPExe - ok
12:09:40.0459 0x0e2c  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:09:40.0474 0x0e2c  McMPFSvc - ok
12:09:40.0490 0x0e2c  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:09:40.0505 0x0e2c  McNaiAnn - ok
12:09:40.0552 0x0e2c  [ 1817FCB59F1832BC5387EC10838FC1BF, F0950EEEF5285C1C21E0C5BAFAFA44302E901EB8466427FA6AA3F1709B4D5A21 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
12:09:40.0568 0x0e2c  McODS - ok
12:09:40.0583 0x0e2c  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:09:40.0599 0x0e2c  mcpltsvc - ok
12:09:40.0615 0x0e2c  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:09:40.0630 0x0e2c  McProxy - ok
12:09:40.0646 0x0e2c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:09:40.0661 0x0e2c  Mcx2Svc - ok
12:09:40.0677 0x0e2c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:09:40.0693 0x0e2c  megasas - ok
12:09:40.0724 0x0e2c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:09:40.0739 0x0e2c  MegaSR - ok
12:09:40.0771 0x0e2c  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
12:09:40.0786 0x0e2c  mfeapfk - ok
12:09:40.0817 0x0e2c  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
12:09:40.0833 0x0e2c  mfeavfk - ok
12:09:40.0880 0x0e2c  [ C83EBEE66A2754CEE5B05699A42F728B, 1D739A505AEC1F40CC8CB86D01BDCEC0E29002A609FDA96CEF3531285E8261B9 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
12:09:40.0911 0x0e2c  mfecore - ok
12:09:40.0958 0x0e2c  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:09:40.0973 0x0e2c  mfefire - ok
12:09:40.0989 0x0e2c  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
12:09:41.0005 0x0e2c  mfefirek - ok
12:09:41.0051 0x0e2c  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
12:09:41.0083 0x0e2c  mfehidk - ok
12:09:41.0161 0x0e2c  [ 93712907DEE6FFBD8A4016ECBB250DCD, FB3673BA495EF1301C4BA75B457493D9B1D5AE52642A04473575CABC1EC6EDFD ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
12:09:41.0176 0x0e2c  mfencbdc - ok
12:09:41.0192 0x0e2c  [ E97EE1F31F7E5349A06CE089658DA8A1, 8136155C734457E422331B3CBE67927C45FAB10B9B34789A612B58CF0E0E3BEC ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
12:09:41.0207 0x0e2c  mfencrk - ok
12:09:41.0239 0x0e2c  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\Windows\system32\mfevtps.exe
12:09:41.0254 0x0e2c  mfevtp - ok
12:09:41.0270 0x0e2c  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
12:09:41.0301 0x0e2c  mfewfpk - ok
12:09:41.0317 0x0e2c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:09:41.0348 0x0e2c  MMCSS - ok
12:09:41.0363 0x0e2c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:09:41.0395 0x0e2c  Modem - ok
12:09:41.0410 0x0e2c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:09:41.0410 0x0e2c  monitor - ok
12:09:41.0441 0x0e2c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:09:41.0441 0x0e2c  mouclass - ok
12:09:41.0457 0x0e2c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:09:41.0473 0x0e2c  mouhid - ok
12:09:41.0488 0x0e2c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:09:41.0504 0x0e2c  mountmgr - ok
12:09:41.0535 0x0e2c  [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:09:41.0551 0x0e2c  MozillaMaintenance - ok
12:09:41.0566 0x0e2c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:09:41.0582 0x0e2c  mpio - ok
12:09:41.0597 0x0e2c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:09:41.0629 0x0e2c  mpsdrv - ok
12:09:41.0660 0x0e2c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:09:41.0707 0x0e2c  MpsSvc - ok
12:09:41.0738 0x0e2c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:09:41.0785 0x0e2c  MRxDAV - ok
12:09:41.0800 0x0e2c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:09:41.0816 0x0e2c  mrxsmb - ok
12:09:41.0831 0x0e2c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:09:41.0847 0x0e2c  mrxsmb10 - ok
12:09:41.0847 0x0e2c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:09:41.0878 0x0e2c  mrxsmb20 - ok
12:09:41.0878 0x0e2c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:09:41.0894 0x0e2c  msahci - ok
12:09:41.0909 0x0e2c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:09:41.0925 0x0e2c  msdsm - ok
12:09:41.0941 0x0e2c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:09:41.0956 0x0e2c  MSDTC - ok
12:09:41.0987 0x0e2c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:09:42.0019 0x0e2c  Msfs - ok
12:09:42.0019 0x0e2c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:09:42.0050 0x0e2c  mshidkmdf - ok
12:09:42.0050 0x0e2c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:09:42.0065 0x0e2c  msisadrv - ok
12:09:42.0081 0x0e2c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:09:42.0128 0x0e2c  MSiSCSI - ok
12:09:42.0128 0x0e2c  msiserver - ok
12:09:42.0175 0x0e2c  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:09:42.0175 0x0e2c  MSK80Service - ok
12:09:42.0206 0x0e2c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:09:42.0237 0x0e2c  MSKSSRV - ok
12:09:42.0253 0x0e2c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:09:42.0284 0x0e2c  MSPCLOCK - ok
12:09:42.0299 0x0e2c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:09:42.0346 0x0e2c  MSPQM - ok
12:09:42.0362 0x0e2c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:09:42.0377 0x0e2c  MsRPC - ok
12:09:42.0393 0x0e2c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:09:42.0393 0x0e2c  mssmbios - ok
12:09:42.0409 0x0e2c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:09:42.0440 0x0e2c  MSTEE - ok
12:09:42.0455 0x0e2c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:09:42.0455 0x0e2c  MTConfig - ok
12:09:42.0471 0x0e2c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:09:42.0471 0x0e2c  Mup - ok
12:09:42.0502 0x0e2c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:09:42.0549 0x0e2c  napagent - ok
12:09:42.0580 0x0e2c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:09:42.0627 0x0e2c  NativeWifiP - ok
12:09:42.0658 0x0e2c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:09:42.0689 0x0e2c  NDIS - ok
12:09:42.0705 0x0e2c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:09:42.0736 0x0e2c  NdisCap - ok
12:09:42.0767 0x0e2c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:09:42.0799 0x0e2c  NdisTapi - ok
12:09:42.0799 0x0e2c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:09:42.0830 0x0e2c  Ndisuio - ok
12:09:42.0830 0x0e2c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:09:42.0861 0x0e2c  NdisWan - ok
12:09:42.0877 0x0e2c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:09:42.0908 0x0e2c  NDProxy - ok
12:09:42.0908 0x0e2c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:09:42.0939 0x0e2c  NetBIOS - ok
12:09:42.0955 0x0e2c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:09:42.0986 0x0e2c  NetBT - ok
12:09:42.0986 0x0e2c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
12:09:43.0001 0x0e2c  Netlogon - ok
12:09:43.0033 0x0e2c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:09:43.0079 0x0e2c  Netman - ok
12:09:43.0126 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:09:43.0142 0x0e2c  NetMsmqActivator - ok
12:09:43.0157 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:09:43.0173 0x0e2c  NetPipeActivator - ok
12:09:43.0204 0x0e2c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:09:43.0235 0x0e2c  netprofm - ok
12:09:43.0235 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:09:43.0251 0x0e2c  NetTcpActivator - ok
12:09:43.0267 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:09:43.0267 0x0e2c  NetTcpPortSharing - ok
12:09:43.0298 0x0e2c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:09:43.0313 0x0e2c  nfrd960 - ok
12:09:43.0329 0x0e2c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:09:43.0345 0x0e2c  NlaSvc - ok
12:09:43.0360 0x0e2c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:09:43.0376 0x0e2c  Npfs - ok
12:09:43.0391 0x0e2c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:09:43.0423 0x0e2c  nsi - ok
12:09:43.0438 0x0e2c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:09:43.0469 0x0e2c  nsiproxy - ok
12:09:43.0516 0x0e2c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:09:43.0563 0x0e2c  Ntfs - ok
12:09:43.0579 0x0e2c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:09:43.0610 0x0e2c  Null - ok
12:09:43.0922 0x0e2c  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:09:44.0203 0x0e2c  nvlddmkm - ok
12:09:44.0312 0x0e2c  [ D6310F79E51D1F997E964E81DD368AEA, 27D0159F45C712C6165FDB9F40823438225555E71BB01E3B55F5B5D7BE15D389 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
12:09:44.0343 0x0e2c  NvNetworkService - ok
12:09:44.0374 0x0e2c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:09:44.0390 0x0e2c  nvraid - ok
12:09:44.0405 0x0e2c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:09:44.0405 0x0e2c  nvstor - ok
12:09:44.0468 0x0e2c  [ 0FB368E71D9F178BCFC7F0BBA317FECA, 97FA87219E95ED53B5E0B0D3305326DD950EE5CEECDC051E7DC7E9BA05CEB214 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
12:09:44.0483 0x0e2c  NvStreamKms - ok
12:09:44.0936 0x0e2c  [ AEC2796DF28AB7494A0C688E40D7B38C, B5B495259489B7A49EA4243EEF13BF598EC5791E0FD59FAB4227C906D635D09E ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
12:09:45.0357 0x0e2c  NvStreamSvc - ok
12:09:45.0419 0x0e2c  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:09:45.0451 0x0e2c  nvsvc - ok
12:09:45.0513 0x0e2c  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
12:09:45.0513 0x0e2c  nvvad_WaveExtensible - ok
12:09:45.0544 0x0e2c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:09:45.0560 0x0e2c  nv_agp - ok
12:09:45.0575 0x0e2c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:09:45.0591 0x0e2c  ohci1394 - ok
12:09:45.0622 0x0e2c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:09:45.0653 0x0e2c  p2pimsvc - ok
12:09:45.0669 0x0e2c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:09:45.0700 0x0e2c  p2psvc - ok
12:09:45.0716 0x0e2c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
12:09:45.0731 0x0e2c  Parport - ok
12:09:45.0763 0x0e2c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:09:45.0763 0x0e2c  partmgr - ok
12:09:45.0794 0x0e2c  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:09:45.0825 0x0e2c  PcaSvc - ok
12:09:45.0825 0x0e2c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:09:45.0841 0x0e2c  pci - ok
12:09:45.0856 0x0e2c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:09:45.0872 0x0e2c  pciide - ok
12:09:45.0887 0x0e2c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:09:45.0903 0x0e2c  pcmcia - ok
12:09:45.0919 0x0e2c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:09:45.0919 0x0e2c  pcw - ok
12:09:45.0950 0x0e2c  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:09:45.0981 0x0e2c  PEAUTH - ok
12:09:46.0043 0x0e2c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:09:46.0075 0x0e2c  PerfHost - ok
12:09:46.0121 0x0e2c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:09:46.0184 0x0e2c  pla - ok
12:09:46.0231 0x0e2c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:09:46.0262 0x0e2c  PlugPlay - ok
12:09:46.0277 0x0e2c  PnkBstrA - ok
12:09:46.0277 0x0e2c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:09:46.0293 0x0e2c  PNRPAutoReg - ok
12:09:46.0309 0x0e2c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:09:46.0324 0x0e2c  PNRPsvc - ok
12:09:46.0355 0x0e2c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:09:46.0387 0x0e2c  PolicyAgent - ok
12:09:46.0418 0x0e2c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:09:46.0449 0x0e2c  Power - ok
12:09:46.0480 0x0e2c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:09:46.0527 0x0e2c  PptpMiniport - ok
12:09:46.0543 0x0e2c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:09:46.0574 0x0e2c  Processor - ok
12:09:46.0589 0x0e2c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:09:46.0605 0x0e2c  ProfSvc - ok
12:09:46.0621 0x0e2c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:09:46.0636 0x0e2c  ProtectedStorage - ok
12:09:46.0652 0x0e2c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:09:46.0683 0x0e2c  Psched - ok
12:09:46.0730 0x0e2c  [ 86154F3A156FA2A5429C2940C69F426F, 3D4F404E792CC016BD504A820D221E6A548C699DC33B5D484EF6BCD9962AE2A1 ] PsSdk41         C:\Windows\system32\Drivers\pssdk41.sys
12:09:46.0730 0x0e2c  PsSdk41 - ok
12:09:46.0777 0x0e2c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:09:46.0823 0x0e2c  ql2300 - ok
12:09:46.0839 0x0e2c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:09:46.0855 0x0e2c  ql40xx - ok
12:09:46.0870 0x0e2c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:09:46.0886 0x0e2c  QWAVE - ok
12:09:46.0901 0x0e2c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:09:46.0917 0x0e2c  QWAVEdrv - ok
12:09:46.0933 0x0e2c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:09:46.0964 0x0e2c  RasAcd - ok
12:09:46.0995 0x0e2c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:09:47.0026 0x0e2c  RasAgileVpn - ok
12:09:47.0057 0x0e2c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:09:47.0089 0x0e2c  RasAuto - ok
12:09:47.0089 0x0e2c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:09:47.0120 0x0e2c  Rasl2tp - ok
12:09:47.0151 0x0e2c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:09:47.0182 0x0e2c  RasMan - ok
12:09:47.0198 0x0e2c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:09:47.0229 0x0e2c  RasPppoe - ok
12:09:47.0245 0x0e2c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:09:47.0276 0x0e2c  RasSstp - ok
12:09:47.0291 0x0e2c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:09:47.0338 0x0e2c  rdbss - ok
12:09:47.0338 0x0e2c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:09:47.0369 0x0e2c  rdpbus - ok
12:09:47.0385 0x0e2c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:09:47.0416 0x0e2c  RDPCDD - ok
12:09:47.0416 0x0e2c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:09:47.0447 0x0e2c  RDPENCDD - ok
12:09:47.0463 0x0e2c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:09:47.0494 0x0e2c  RDPREFMP - ok
12:09:47.0510 0x0e2c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:09:47.0525 0x0e2c  RDPWD - ok
12:09:47.0557 0x0e2c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:09:47.0572 0x0e2c  rdyboost - ok
12:09:47.0588 0x0e2c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:09:47.0619 0x0e2c  RemoteAccess - ok
12:09:47.0635 0x0e2c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:09:47.0666 0x0e2c  RemoteRegistry - ok
12:09:47.0681 0x0e2c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:09:47.0713 0x0e2c  RpcEptMapper - ok
12:09:47.0728 0x0e2c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:09:47.0744 0x0e2c  RpcLocator - ok
12:09:47.0759 0x0e2c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:09:47.0806 0x0e2c  RpcSs - ok
12:09:47.0806 0x0e2c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:09:47.0837 0x0e2c  rspndr - ok
12:09:47.0869 0x0e2c  [ FC009873CBC12CC6D7045D803D8E8CD3, 00452A8180D96C5C3AAB833F27B6FEAD619AA54E38F8DED2706DE60F6366B662 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:09:47.0900 0x0e2c  RSUSBSTOR - ok
12:09:47.0915 0x0e2c  RTL8192cu - ok
12:09:47.0931 0x0e2c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
12:09:47.0947 0x0e2c  SamSs - ok
12:09:47.0947 0x0e2c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:09:47.0962 0x0e2c  sbp2port - ok
12:09:47.0993 0x0e2c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:09:48.0040 0x0e2c  SCardSvr - ok
12:09:48.0040 0x0e2c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:09:48.0071 0x0e2c  scfilter - ok
12:09:48.0103 0x0e2c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:09:48.0165 0x0e2c  Schedule - ok
12:09:48.0181 0x0e2c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:09:48.0212 0x0e2c  SCPolicySvc - ok
12:09:48.0227 0x0e2c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:09:48.0259 0x0e2c  SDRSVC - ok
12:09:48.0290 0x0e2c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:09:48.0305 0x0e2c  secdrv - ok
12:09:48.0321 0x0e2c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:09:48.0352 0x0e2c  seclogon - ok
12:09:48.0368 0x0e2c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:09:48.0399 0x0e2c  SENS - ok
12:09:48.0415 0x0e2c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:09:48.0430 0x0e2c  SensrSvc - ok
12:09:48.0461 0x0e2c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:09:48.0477 0x0e2c  Serenum - ok
12:09:48.0493 0x0e2c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
12:09:48.0508 0x0e2c  Serial - ok
12:09:48.0524 0x0e2c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:09:48.0539 0x0e2c  sermouse - ok
12:09:48.0555 0x0e2c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:09:48.0586 0x0e2c  SessionEnv - ok
12:09:48.0617 0x0e2c  [ DDA1B38A59DE5096E2619D4CFDE01F4A, 95E2244EC8FD87741169B75A25458C788A9355EBC7D12C5CD6509DBBB89D4EE6 ] sfdrv01a        C:\Windows\system32\drivers\sfdrv01a.sys
12:09:48.0633 0x0e2c  sfdrv01a - ok
12:09:48.0649 0x0e2c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:09:48.0664 0x0e2c  sffdisk - ok
12:09:48.0664 0x0e2c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:09:48.0695 0x0e2c  sffp_mmc - ok
12:09:48.0695 0x0e2c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:09:48.0711 0x0e2c  sffp_sd - ok
12:09:48.0727 0x0e2c  [ 17F6BD95BF04B924F4C05CE78BEF8AE6, 68D38DC04349DA476B62F853B165EE6B6F42054BCAF2B8F615A6E6BAACD35EB4 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
12:09:48.0727 0x0e2c  sfhlp02 - ok
12:09:48.0742 0x0e2c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:09:48.0758 0x0e2c  sfloppy - ok
12:09:48.0789 0x0e2c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:09:48.0820 0x0e2c  SharedAccess - ok
12:09:48.0851 0x0e2c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:09:48.0883 0x0e2c  ShellHWDetection - ok
12:09:48.0883 0x0e2c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:09:48.0898 0x0e2c  SiSRaid2 - ok
12:09:48.0914 0x0e2c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:09:48.0914 0x0e2c  SiSRaid4 - ok
12:09:48.0945 0x0e2c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:09:48.0976 0x0e2c  Smb - ok
12:09:48.0992 0x0e2c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:09:49.0007 0x0e2c  SNMPTRAP - ok
12:09:49.0007 0x0e2c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:09:49.0023 0x0e2c  spldr - ok
12:09:49.0039 0x0e2c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:09:49.0070 0x0e2c  Spooler - ok
12:09:49.0163 0x0e2c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:09:49.0273 0x0e2c  sppsvc - ok
12:09:49.0288 0x0e2c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:09:49.0319 0x0e2c  sppuinotify - ok
12:09:49.0351 0x0e2c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:09:49.0397 0x0e2c  srv - ok
12:09:49.0397 0x0e2c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:09:49.0429 0x0e2c  srv2 - ok
12:09:49.0429 0x0e2c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:09:49.0444 0x0e2c  srvnet - ok
12:09:49.0475 0x0e2c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:09:49.0507 0x0e2c  SSDPSRV - ok
12:09:49.0538 0x0e2c  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
12:09:49.0538 0x0e2c  SSPORT - ok
12:09:49.0553 0x0e2c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:09:49.0600 0x0e2c  SstpSvc - ok
12:09:49.0647 0x0e2c  [ 7A04FB623BE442450E716AA2A5476BE1, A24AD210F545460E0E0EE8F09991E665B34DCE2EF5EC6D495E314ADBB88B18D5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:09:49.0678 0x0e2c  Steam Client Service - ok
12:09:49.0725 0x0e2c  [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:09:49.0756 0x0e2c  Stereo Service - ok
12:09:49.0756 0x0e2c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:09:49.0772 0x0e2c  stexstor - ok
12:09:49.0819 0x0e2c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:09:49.0850 0x0e2c  stisvc - ok
12:09:49.0865 0x0e2c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:09:49.0881 0x0e2c  swenum - ok
12:09:49.0897 0x0e2c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:09:49.0943 0x0e2c  swprv - ok
12:09:49.0990 0x0e2c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:09:50.0053 0x0e2c  SysMain - ok
12:09:50.0068 0x0e2c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:09:50.0084 0x0e2c  TabletInputService - ok
12:09:50.0099 0x0e2c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:09:50.0146 0x0e2c  TapiSrv - ok
12:09:50.0146 0x0e2c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:09:50.0177 0x0e2c  TBS - ok
12:09:50.0240 0x0e2c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:09:50.0302 0x0e2c  Tcpip - ok
12:09:50.0349 0x0e2c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:09:50.0411 0x0e2c  TCPIP6 - ok
12:09:50.0427 0x0e2c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:09:50.0443 0x0e2c  tcpipreg - ok
12:09:50.0458 0x0e2c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:09:50.0474 0x0e2c  TDPIPE - ok
12:09:50.0489 0x0e2c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:09:50.0489 0x0e2c  TDTCP - ok
12:09:50.0505 0x0e2c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:09:50.0536 0x0e2c  tdx - ok
12:09:50.0692 0x0e2c  [ CC907C2FB839D3F92690A25FF8E463BE, 3CEE9BEA1ACB1086389AA4817D996431716EFEB4432EC4D59EEF1BA710C15B8C ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
12:09:50.0817 0x0e2c  TeamViewer9 - ok
12:09:50.0833 0x0e2c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:09:50.0848 0x0e2c  TermDD - ok
12:09:50.0895 0x0e2c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:09:50.0942 0x0e2c  TermService - ok
12:09:50.0957 0x0e2c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:09:50.0973 0x0e2c  Themes - ok
12:09:50.0989 0x0e2c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:09:51.0004 0x0e2c  THREADORDER - ok
12:09:51.0035 0x0e2c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:09:51.0082 0x0e2c  TrkWks - ok
12:09:51.0113 0x0e2c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:09:51.0145 0x0e2c  TrustedInstaller - ok
12:09:51.0160 0x0e2c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:09:51.0160 0x0e2c  tssecsrv - ok
12:09:51.0191 0x0e2c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:09:51.0238 0x0e2c  TsUsbFlt - ok
12:09:51.0254 0x0e2c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:09:51.0269 0x0e2c  TsUsbGD - ok
12:09:51.0363 0x0e2c  [ 89823511CF5EB61BC9B3F17C3E5C9BE9, 16684659098DBD33A99B68CB28AC9FA1AB7245EC1DD4A5840B8EB34F5A4EA0A4 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
12:09:51.0425 0x0e2c  TuneUp.UtilitiesSvc - ok
12:09:51.0472 0x0e2c  [ 7BC3381C0713F613B31ACDE38B71CB53, 275A6CB6A6157270C35FD7D6213D0D99030AEE5AE852E0D929CBE879C63FAB2F ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
12:09:51.0472 0x0e2c  TuneUpUtilitiesDrv - ok
12:09:51.0503 0x0e2c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:09:51.0535 0x0e2c  tunnel - ok
12:09:51.0550 0x0e2c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:09:51.0550 0x0e2c  uagp35 - ok
12:09:51.0566 0x0e2c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:09:51.0613 0x0e2c  udfs - ok
12:09:51.0628 0x0e2c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:09:51.0644 0x0e2c  UI0Detect - ok
12:09:51.0675 0x0e2c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:09:51.0675 0x0e2c  uliagpkx - ok
12:09:51.0706 0x0e2c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:09:51.0722 0x0e2c  umbus - ok
12:09:51.0737 0x0e2c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:09:51.0753 0x0e2c  UmPass - ok
12:09:51.0769 0x0e2c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:09:51.0815 0x0e2c  upnphost - ok
12:09:51.0847 0x0e2c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:09:51.0862 0x0e2c  usbaudio - ok
12:09:51.0893 0x0e2c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:09:51.0909 0x0e2c  usbccgp - ok
12:09:51.0925 0x0e2c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:09:51.0940 0x0e2c  usbcir - ok
12:09:51.0956 0x0e2c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:09:51.0971 0x0e2c  usbehci - ok
12:09:52.0003 0x0e2c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:09:52.0034 0x0e2c  usbhub - ok
12:09:52.0049 0x0e2c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:09:52.0065 0x0e2c  usbohci - ok
12:09:52.0096 0x0e2c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:09:52.0112 0x0e2c  usbprint - ok
12:09:52.0127 0x0e2c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:09:52.0143 0x0e2c  USBSTOR - ok
12:09:52.0159 0x0e2c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:09:52.0174 0x0e2c  usbuhci - ok
12:09:52.0190 0x0e2c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:09:52.0221 0x0e2c  UxSms - ok
12:09:52.0252 0x0e2c  [ 4561639D0E7750FA3FC5C553FCFA80D6, 152941642F4265C162458A67EA5F58D6FE4DCCBD4CBB9A2B3A2828DAC3A0197B ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
12:09:52.0268 0x0e2c  UxTuneUp - ok
12:09:52.0268 0x0e2c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
12:09:52.0283 0x0e2c  VaultSvc - ok
12:09:52.0299 0x0e2c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:09:52.0299 0x0e2c  vdrvroot - ok
12:09:52.0330 0x0e2c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:09:52.0377 0x0e2c  vds - ok
12:09:52.0408 0x0e2c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:09:52.0424 0x0e2c  vga - ok
12:09:52.0424 0x0e2c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:09:52.0471 0x0e2c  VgaSave - ok
12:09:52.0486 0x0e2c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:09:52.0502 0x0e2c  vhdmp - ok
12:09:52.0517 0x0e2c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:09:52.0533 0x0e2c  viaide - ok
12:09:52.0533 0x0e2c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:09:52.0549 0x0e2c  volmgr - ok
12:09:52.0549 0x0e2c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:09:52.0580 0x0e2c  volmgrx - ok
12:09:52.0595 0x0e2c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:09:52.0611 0x0e2c  volsnap - ok
12:09:52.0642 0x0e2c  [ 0B0772247B85FC844A06498386E32F59, 47FBF825649C78E52A13EBD06336209C15414293A414757CF424E4B4490319BA ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
12:09:52.0658 0x0e2c  vpnagent - ok
12:09:52.0689 0x0e2c  [ 5932B2999AEF21C4599A792599F28D89, 78B2842BA71F9DAB5BB64BA4AB97BD19DEEFB075F83D735244906D046E78B2DC ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
12:09:52.0705 0x0e2c  vpnva - ok
12:09:52.0736 0x0e2c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:09:52.0751 0x0e2c  vsmraid - ok
12:09:52.0814 0x0e2c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:09:52.0892 0x0e2c  VSS - ok
12:09:52.0923 0x0e2c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:09:52.0939 0x0e2c  vwifibus - ok
12:09:52.0954 0x0e2c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:09:52.0970 0x0e2c  vwififlt - ok
12:09:53.0001 0x0e2c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:09:53.0017 0x0e2c  vwifimp - ok
12:09:53.0032 0x0e2c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:09:53.0079 0x0e2c  W32Time - ok
12:09:53.0110 0x0e2c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:09:53.0126 0x0e2c  WacomPen - ok
12:09:53.0141 0x0e2c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:09:53.0173 0x0e2c  WANARP - ok
12:09:53.0188 0x0e2c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:09:53.0204 0x0e2c  Wanarpv6 - ok
12:09:53.0251 0x0e2c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:09:53.0313 0x0e2c  wbengine - ok
12:09:53.0329 0x0e2c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:09:53.0375 0x0e2c  WbioSrvc - ok
12:09:53.0391 0x0e2c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:09:53.0438 0x0e2c  wcncsvc - ok
12:09:53.0438 0x0e2c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:09:53.0469 0x0e2c  WcsPlugInService - ok
12:09:53.0469 0x0e2c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:09:53.0485 0x0e2c  Wd - ok
12:09:53.0531 0x0e2c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:09:53.0609 0x0e2c  Wdf01000 - ok
12:09:53.0641 0x0e2c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:09:53.0656 0x0e2c  WdiServiceHost - ok
12:09:53.0656 0x0e2c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:09:53.0672 0x0e2c  WdiSystemHost - ok
12:09:53.0687 0x0e2c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
12:09:53.0703 0x0e2c  WebClient - ok
12:09:53.0734 0x0e2c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:09:53.0781 0x0e2c  Wecsvc - ok
12:09:53.0843 0x0e2c  [ A8E0E75F8411EE0FCE92F2CE65BDEEEC, 7F199830920EDCF9226E55531B74F576B94966668B30910A15FD013E83460E4D ] WeGameClientService C:\Program Files (x86)\WeGame\WGClientService.exe
12:09:53.0843 0x0e2c  WeGameClientService - ok
12:09:53.0859 0x0e2c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:09:53.0890 0x0e2c  wercplsupport - ok
12:09:53.0937 0x0e2c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:09:53.0968 0x0e2c  WerSvc - ok
12:09:53.0984 0x0e2c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:09:54.0015 0x0e2c  WfpLwf - ok
12:09:54.0031 0x0e2c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:09:54.0031 0x0e2c  WIMMount - ok
12:09:54.0046 0x0e2c  WinDefend - ok
12:09:54.0062 0x0e2c  WinHttpAutoProxySvc - ok
12:09:54.0093 0x0e2c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:09:54.0124 0x0e2c  Winmgmt - ok
12:09:54.0202 0x0e2c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:09:54.0280 0x0e2c  WinRM - ok
12:09:54.0311 0x0e2c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:09:54.0327 0x0e2c  WinUsb - ok
12:09:54.0389 0x0e2c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:09:54.0452 0x0e2c  Wlansvc - ok
12:09:54.0545 0x0e2c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:09:54.0608 0x0e2c  wlidsvc - ok
12:09:54.0655 0x0e2c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:09:54.0670 0x0e2c  WmiAcpi - ok
12:09:54.0748 0x0e2c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:09:54.0764 0x0e2c  wmiApSrv - ok
12:09:54.0795 0x0e2c  WMPNetworkSvc - ok
12:09:54.0811 0x0e2c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:09:54.0826 0x0e2c  WPCSvc - ok
12:09:54.0842 0x0e2c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:09:54.0857 0x0e2c  WPDBusEnum - ok
12:09:54.0873 0x0e2c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:09:54.0904 0x0e2c  ws2ifsl - ok
12:09:54.0935 0x0e2c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:09:54.0982 0x0e2c  wscsvc - ok
12:09:54.0998 0x0e2c  WSearch - ok
12:09:55.0247 0x0e2c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:09:55.0341 0x0e2c  wuauserv - ok
12:09:55.0357 0x0e2c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:09:55.0388 0x0e2c  WudfPf - ok
12:09:55.0419 0x0e2c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:09:55.0435 0x0e2c  WUDFRd - ok
12:09:55.0450 0x0e2c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:09:55.0466 0x0e2c  wudfsvc - ok
12:09:55.0513 0x0e2c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:09:55.0606 0x0e2c  WwanSvc - ok
12:09:55.0622 0x0e2c  ================ Scan global ===============================
12:09:55.0653 0x0e2c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:09:55.0747 0x0e2c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:09:55.0840 0x0e2c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:09:55.0871 0x0e2c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:09:55.0903 0x1874  Object required for P2P: [ 7A04FB623BE442450E716AA2A5476BE1 ] Steam Client Service
12:09:55.0934 0x0e2c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:09:55.0949 0x0e2c  [ Global ] - ok
12:09:55.0949 0x0e2c  ================ Scan MBR ==================================
12:09:55.0981 0x0e2c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:09:56.0932 0x0e2c  \Device\Harddisk0\DR0 - ok
12:09:56.0932 0x0e2c  ================ Scan VBR ==================================
12:09:56.0932 0x0e2c  [ AD8DF4E16F6F1AEE1ADEC3566DB85EE4 ] \Device\Harddisk0\DR0\Partition1
12:09:56.0995 0x0e2c  \Device\Harddisk0\DR0\Partition1 - ok
12:09:57.0026 0x0e2c  [ 84283BF0762D1715F5F57E25D7556128 ] \Device\Harddisk0\DR0\Partition2
12:09:57.0088 0x0e2c  \Device\Harddisk0\DR0\Partition2 - ok
12:09:57.0104 0x0e2c  [ FD475BF5D4D8F8DE72D6653A2ACC3516 ] \Device\Harddisk0\DR0\Partition3
12:09:57.0151 0x0e2c  \Device\Harddisk0\DR0\Partition3 - ok
12:09:57.0182 0x0e2c  [ F6A244A94FBE4DA68F8F19D779FCD765 ] \Device\Harddisk0\DR0\Partition4
12:09:57.0182 0x0e2c  \Device\Harddisk0\DR0\Partition4 - ok
12:09:57.0182 0x0e2c  ================ Scan generic autorun ======================
12:09:57.0229 0x0e2c  [ FC77F245431D4DA5A9E2A53F3A14B162, 5D45F1AD5492703861873A38FE87F4B8EBBD2DEE3DCFB075D35A362212DF9B04 ] C:\Windows\RaidTool\xInsIDE.exe
12:09:57.0229 0x0e2c  JMB36X IDE Setup - ok
12:09:57.0275 0x0e2c  [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
12:09:57.0291 0x0e2c  mcpltui_exe - ok
12:09:57.0338 0x0e2c  [ 298F33473654083D2AD6B2144832A2F8, AE2667D191593ACC5091B5EEF2E19353DA7914D2D465E25BB96EFB58FFAF9CE0 ] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
12:09:57.0369 0x0e2c  BlueStacks Agent - ok
12:09:57.0494 0x0e2c  [ CFEDDB638643C9B4DDD1570EB17D7C16, 8EA72FAD24BA0DE4E207773CAADF6BAE7055C6B27E3E3D1B8B74EE726872054A ] C:\LogMeIn Hamachi\hamachi-2-ui.exe
12:09:57.0587 0x0e2c  LogMeIn Hamachi Ui - ok
12:09:57.0650 0x0e2c  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:09:57.0681 0x0e2c  Adobe ARM - ok
12:09:57.0759 0x0e2c  [ 5673198884B5E6ED553E0C4F3DF0BB7E, DE115EABC8A80DED93BD4037E7DDBB2D8F9A02F0AB28BD2CA9DDD0C051D48B9A ] C:\Trojan Remover\Trjscan.exe
12:09:57.0806 0x0e2c  TrojanScanner - ok
12:09:57.0884 0x0e2c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:09:57.0915 0x0e2c  Sidebar - ok
12:09:57.0946 0x0e2c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:09:57.0962 0x0e2c  mctadmin - ok
12:09:57.0993 0x0e2c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:09:58.0040 0x0e2c  Sidebar - ok
12:09:58.0040 0x0e2c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:09:58.0055 0x0e2c  mctadmin - ok
12:09:58.0180 0x0e2c  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] D:\DAEMON Tools Lite\DTLite.exe
12:09:58.0289 0x0e2c  DAEMON Tools Lite - ok
12:09:58.0289 0x0e2c  Waiting for KSN requests completion. In queue: 108
12:09:58.0679 0x1874  Object send P2P result: true
12:09:59.0303 0x0e2c  Waiting for KSN requests completion. In queue: 48
12:10:00.0317 0x0e2c  Waiting for KSN requests completion. In queue: 48
12:10:01.0331 0x0e2c  AV detected via SS2: McAfee Anti-Virus und Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
12:10:01.0331 0x0e2c  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
12:10:04.0061 0x0e2c  ============================================================
12:10:04.0061 0x0e2c  Scan finished
12:10:04.0061 0x0e2c  ============================================================
12:10:04.0061 0x148c  Detected object count: 0
12:10:04.0061 0x148c  Actual detected object count: 0

schrauber · 19.11.2014, 19:05

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Franky10 · 19.11.2014, 20:55

Obwohl ich Mcaffe deaktiviert hatte hat Combofix gemeckert.

Code:

ATTFilter

ComboFix 14-11-18.01 - Privat 19.11.2014  20:35:13.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.2401 [GMT 1:00]
ausgeführt von:: c:\users\Privat\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Adobe\rundll32.exe
c:\programdata\Adobe\wget.exe
c:\programdata\msrmfn.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-19 bis 2014-11-19  ))))))))))))))))))))))))))))))
.
.
2014-11-19 19:45 . 2014-11-19 19:45	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2014-11-18 09:48 . 2014-11-18 09:51	--------	d-----w-	C:\FRST
2014-11-18 09:01 . 2014-11-18 09:01	--------	d-----w-	c:\programdata\Licenses
2014-11-18 08:58 . 2014-11-18 09:01	--------	d-----w-	C:\Trojan Remover
2014-11-18 08:58 . 2014-11-18 08:58	--------	d-----w-	c:\programdata\Simply Super Software
2014-11-17 08:46 . 2014-11-17 08:46	--------	d-sh--w-	c:\users\Privat\AppData\Local\EmieBrowserModeList
2014-11-13 17:31 . 2014-08-21 06:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2014-11-13 17:30 . 2014-09-19 09:42	342016	----a-w-	c:\windows\system32\schannel.dll
2014-11-13 17:29 . 2014-10-25 01:57	77824	----a-w-	c:\windows\system32\packager.dll
2014-11-13 17:29 . 2014-10-25 01:32	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-11-13 17:29 . 2014-10-10 00:57	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-11-13 17:29 . 2014-10-14 02:13	3241984	----a-w-	c:\windows\system32\msi.dll
2014-11-13 17:29 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-11-13 17:29 . 2014-10-18 02:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-11-13 17:29 . 2014-10-18 01:33	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-11-06 18:26 . 2014-11-13 17:10	--------	d-----w-	c:\users\Privat\AppData\Roaming\Qytir
2014-11-06 18:26 . 2014-11-13 10:14	--------	d-----w-	c:\users\Privat\AppData\Roaming\Xunoo
2014-11-05 19:26 . 2014-11-06 06:20	--------	d-----w-	c:\users\Privat\AppData\Roaming\Udabc
2014-11-05 19:26 . 2014-11-05 19:31	--------	d-----w-	c:\users\Privat\AppData\Roaming\Zyzoki
2014-11-05 06:37 . 2014-11-05 06:37	--------	d-----w-	C:\LogMeIn Hamachi
2014-11-02 23:13 . 2014-11-02 23:18	--------	d-----w-	c:\users\Privat\AppData\Local\Savant_Ascent
2014-10-30 16:15 . 2014-10-30 16:15	--------	d-----w-	c:\users\Privat\AppData\Local\Bossland
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-15 10:27 . 2013-02-20 17:21	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-12 19:32 . 2013-02-21 14:22	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 19:32 . 2013-02-21 14:22	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 09:00 . 2014-10-20 09:00	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-25 02:08 . 2014-10-01 10:35	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 10:35	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 13:12	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 13:12	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 10:22	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 10:22	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2014-08-29 01:20 . 2012-07-17 13:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 15:57 . 2014-08-26 15:56	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-23 02:07 . 2014-08-28 08:37	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 08:37	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-07-03 831192]
"LogMeIn Hamachi Ui"="c:\logmein hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"TrojanScanner"="c:\trojan remover\Trjscan.exe" [2014-05-22 1666432]
.
c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-2-21 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"Adobe updater"=c:\programdata\Adobe\color.vbs
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
R2 0163371416395149mcinstcleanup;McAfee Application Installer Cleanup (0163371416395149);c:\windows\TEMP\016337~1.EXE;c:\windows\TEMP\016337~1.EXE [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6.4\dbk64.sys;c:\program files (x86)\Cheat Engine 6.4\dbk64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys;c:\windows\SYSNATIVE\Drivers\pssdk41.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
R4 WeGameClientService;WeGame Client Service;c:\program files (x86)\WeGame\WGClientService.exe;c:\program files (x86)\WeGame\WGClientService.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\logmein hamachi\hamachi-2.exe;c:\logmein hamachi\hamachi-2.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-21 19:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-13 13263072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE585&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-GameWiz32 - c:\windows\system32\GKSUI18.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\SecuROM\License information*]
"datasecu"=hex:91,f3,b5,56,80,68,e2,5c,0d,6f,31,ca,2a,5d,2e,48,18,1c,e6,ec,e6,
   bc,a2,1d,ad,60,83,4c,12,40,80,3c,0b,c5,f6,6c,3f,3e,93,82,af,0a,7b,b8,06,44,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-19  20:51:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-19 19:51
.
Vor Suchlauf: 34 Verzeichnis(se), 10.146.410.496 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 10.219.577.344 Bytes frei
.
- - End Of File - - 86ADAFAFB51654B1FF91EB8B3E0271D8
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 20.11.2014, 18:46

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Franky10 · 21.11.2014, 09:18

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.11.2014
Suchlauf-Zeit: 08:43:24
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.21.05
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Privat

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368482
Verstrichene Zeit: 14 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3639632852-3389204036-3798740433-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [6702ca744d2f2d099f84ff8f7f85ae52], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
Trojan.VirTool, C:\Users\Privat\Downloads\Metro.Last.Light.Update2.Cracked.rar, In Quarantäne, [83e6340a720a0f2758277118eb17ab55], 
PUP.Optional.Somoto, C:\Users\Privat\Downloads\MCPatcher_downloader_by_MCPatcher.exe, In Quarantäne, [a4c555e989f32115fde24c284bba0000], 
PUP.Optional.Softonic, C:\Users\Privat\Downloads\SoftonicDownloader_fuer_emule.exe, In Quarantäne, [3c2d7ec00973b581c7295dc13bc60df3], 
PUP.Optional.OpenCandy, C:\Users\Privat\Downloads\DTLite4461-0327.exe, In Quarantäne, [2148e757a0dcab8b03a44d28f01513ed], 
PUP.HackTool.Agent, C:\Users\Privat\Downloads\hav10444+5tr.rar, In Quarantäne, [84e5da64ceaeda5c2e14577b12eeee12], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

# AdwCleaner v4.101 - Bericht erstellt am 21/11/2014 um 09:05:49
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Privat - PRIVAT-PC
# Gestartet von : C:\Users\Privat\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\tencent
Ordner Gelöscht : C:\Program Files (x86)\Common Files\tencent
Ordner Gelöscht : C:\Users\Privat\AppData\Roaming\tencent
Datei Gelöscht : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\foxydeal.sqlite

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86F4A33C-E46F-4F98-8AAC-0A7F0D697C5E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EAAED308-7322-4B9B-965E-171933ADD473}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F77EC82F-0B3A-4E59-8B7C-0C132DDB60C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F77EC82F-0B3A-4E59-8B7C-0C132DDB60C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CE30957B-3180-41F0-838C-2F3E64BA24BA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F77EC82F-0B3A-4E59-8B7C-0C132DDB60C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tencent

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 de)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1717 octets] - [06/04/2014 00:18:40]
AdwCleaner[R1].txt - [1453 octets] - [05/06/2014 09:55:01]
AdwCleaner[R2].txt - [2424 octets] - [21/11/2014 09:04:01]
AdwCleaner[S0].txt - [1666 octets] - [06/04/2014 00:19:45]
AdwCleaner[S1].txt - [1514 octets] - [05/06/2014 09:56:47]
AdwCleaner[S2].txt - [2341 octets] - [21/11/2014 09:05:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2401 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Privat on 21.11.2014 at  9:10:46,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Privat\appdata\local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}



~~~ FireFox

Emptied folder: C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\xv3oqpim.default\minidumps [639 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.11.2014 at  9:13:50,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Privat (administrator) on PRIVAT-PC on 21-11-2014 09:15:25
Running from C:\Users\Privat\Downloads
Loaded Profile: Privat (Available profiles: Privat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrojanScanner] => C:\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x061DAC5E614FCE01
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000 -> DefaultScope {30239514-A9AC-4AAC-A350-5480C44E8EDA} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE585D20140801&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000 -> {30239514-A9AC-4AAC-A350-5480C44E8EDA} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE585D20140801&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE585&p=
FF NetworkProxy: "backup.ftp", "37.187.85.128"
FF NetworkProxy: "backup.ftp_port", 8081
FF NetworkProxy: "backup.socks", "37.187.85.128"
FF NetworkProxy: "backup.socks_port", 8081
FF NetworkProxy: "backup.ssl", "37.187.85.128"
FF NetworkProxy: "backup.ssl_port", 8081
FF NetworkProxy: "ftp", "37.187.85.128"
FF NetworkProxy: "ftp_port", 8081
FF NetworkProxy: "http", "37.187.85.128"
FF NetworkProxy: "http_port", 8081
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "37.187.85.128"
FF NetworkProxy: "socks_port", 8081
FF NetworkProxy: "ssl", "37.187.85.128"
FF NetworkProxy: "ssl_port", 8081
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Privat\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Privat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: ubisoft.com/uplaypc -> C:\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: FoxyProxy Standard - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\foxyproxy@eric.h.jung [2014-09-06]
FF Extension: ProxTube - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Adblock Plus - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-02-21]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; C:\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 IconMan_R; C:\Program Files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-10-11] (TuneUp Software)
S4 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-28] (WeGame.com, Inc.)
S2 0163371416395149mcinstcleanup; C:\Windows\TEMP\016337~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-16] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-26] (Disc Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-16] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2013-07-21] (microOLAP Technologies LTD)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 09:15 - 2014-11-21 09:15 - 00022308 _____ () C:\Users\Privat\Downloads\FRST.txt
2014-11-21 09:15 - 2014-11-21 09:15 - 00000000 ____D () C:\Users\Privat\Downloads\FRST-OlderVersion
2014-11-21 09:13 - 2014-11-21 09:13 - 00001050 _____ () C:\Users\Privat\Desktop\JRT.txt
2014-11-21 09:10 - 2014-11-21 09:10 - 01707532 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe
2014-11-21 09:10 - 2014-11-21 09:10 - 00000000 ____D () C:\Windows\ERUNT
2014-11-21 09:10 - 2014-11-21 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-21 09:08 - 2014-11-21 09:08 - 00002485 _____ () C:\Users\Privat\Desktop\AdwCleaner[S2].txt
2014-11-21 09:02 - 2014-11-21 09:03 - 02140160 _____ () C:\Users\Privat\Desktop\AdwCleaner_4.101.exe
2014-11-21 09:02 - 2014-11-21 09:02 - 00001981 _____ () C:\Users\Privat\Desktop\mbam.txt
2014-11-21 08:42 - 2014-11-21 09:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 08:42 - 2014-11-21 08:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-21 08:42 - 2014-11-21 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-21 08:42 - 2014-11-21 08:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 08:42 - 2014-11-21 08:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-21 08:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 08:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 08:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 20:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 20:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 20:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 20:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 20:52 - 2014-11-19 20:52 - 00028080 _____ () C:\ComboFix.txt
2014-11-19 20:32 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 20:32 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 20:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 20:26 - 2014-11-19 20:52 - 00000000 ____D () C:\Qoobox
2014-11-19 20:26 - 2014-11-19 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 20:24 - 2014-11-19 20:24 - 05598306 _____ (Swearware) C:\Users\Privat\Downloads\ComboFix (1).exe
2014-11-19 20:23 - 2014-11-19 20:23 - 05598306 ____R (Swearware) C:\Users\Privat\Desktop\ComboFix.exe
2014-11-19 12:07 - 2014-11-19 12:07 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Privat\Desktop\tdsskiller.exe
2014-11-18 10:48 - 2014-11-21 09:15 - 02117632 _____ (Farbar) C:\Users\Privat\Downloads\FRST64.exe
2014-11-18 10:48 - 2014-11-21 09:15 - 00000000 ____D () C:\FRST
2014-11-18 10:01 - 2014-11-19 20:41 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-18 10:01 - 2014-11-18 10:01 - 00000738 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-11-18 10:01 - 2014-11-18 10:01 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-18 10:00 - 2014-11-18 10:01 - 21657592 _____ (Simply Super Software ) C:\Users\Privat\Downloads\trjsetup.exe
2014-11-18 09:59 - 2014-11-18 09:59 - 00000000 ____D () C:\Users\Privat\Documents\Simply Super Software
2014-11-18 09:58 - 2014-11-18 10:01 - 00000000 ____D () C:\Trojan Remover
2014-11-18 09:58 - 2014-11-18 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-11-18 09:58 - 2014-11-18 09:58 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-11-17 09:46 - 2014-11-17 09:46 - 00000000 __SHD () C:\Users\Privat\AppData\Local\EmieBrowserModeList
2014-11-13 18:34 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:34 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:34 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:34 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:34 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:34 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:34 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:34 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:34 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:34 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:34 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:34 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:34 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:34 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:34 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:34 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:34 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:34 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:34 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:34 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:34 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 18:34 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:34 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 18:34 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:34 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 18:34 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:34 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:34 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:34 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:34 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:34 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 18:34 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:34 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 18:34 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 18:34 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:34 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:34 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 18:34 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:34 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:34 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:34 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:34 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:34 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:34 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:34 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:34 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:34 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:34 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:34 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 18:34 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:34 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:34 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:34 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:34 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:34 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:34 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 18:34 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:34 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:34 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:34 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:34 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:34 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:34 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:34 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:34 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 18:34 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 18:34 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:34 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:31 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 18:31 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:31 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:31 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:31 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 18:31 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:31 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 18:30 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 18:29 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:29 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:29 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:29 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:29 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:29 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:29 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:01 - 2014-11-11 22:01 - 01279428 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel.CT
2014-11-11 15:03 - 2014-11-11 15:44 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11936.755
2014-11-11 15:03 - 2014-11-11 15:03 - 13162501 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11936.755.zip
2014-11-10 20:08 - 2014-11-10 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 19:26 - 2014-11-13 18:10 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Qytir
2014-11-06 19:26 - 2014-11-13 11:14 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Xunoo
2014-11-05 20:26 - 2014-11-06 07:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Udabc
2014-11-05 20:26 - 2014-11-05 20:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Zyzoki
2014-11-05 18:59 - 2014-11-05 18:59 - 01055936 _____ (Adobe) C:\Users\Privat\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe
2014-11-05 15:22 - 2014-11-05 15:22 - 00682488 _____ () C:\Users\Privat\Downloads\SC2_v2.1.6.32540 All.CT
2014-11-05 07:37 - 2014-11-05 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-05 07:37 - 2014-11-05 07:37 - 00000000 ____D () C:\LogMeIn Hamachi
2014-11-03 00:13 - 2014-11-03 00:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Savant_Ascent
2014-11-01 15:33 - 2014-11-01 15:33 - 01013777 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel(1).CT
2014-10-30 17:32 - 2014-10-30 17:33 - 06180521 _____ () C:\Users\Privat\Downloads\buddy-profiles.honorbuddy.rar
2014-10-30 17:15 - 2014-10-30 17:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Bossland
2014-10-30 17:06 - 2014-11-11 15:04 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11875.753
2014-10-30 17:01 - 2014-10-30 17:02 - 13360657 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11875.753.zip
2014-10-29 17:43 - 2014-10-29 17:44 - 00000000 ____D () C:\Users\Privat\Documents\Heroes of the Storm
2014-10-29 15:34 - 2014-10-29 15:34 - 00000688 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-10-28 16:30 - 2014-10-28 16:30 - 00002060 _____ () C:\Users\Privat\Downloads\moneytype.lua
2014-10-28 16:14 - 2014-10-28 16:14 - 00150719 _____ () C:\Users\Privat\Downloads\Shinkansen Sid Meier's Civilization Beyond Earth V1004.CT
2014-10-28 16:08 - 2014-10-28 16:08 - 00052450 _____ () C:\Users\Privat\Downloads\Shinkansen Sid Meier's Civilization Beyond Earth V1000.CT
2014-10-28 13:08 - 2014-10-28 13:08 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11837.752
2014-10-28 13:07 - 2014-10-28 13:07 - 13180572 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11837.752.zip
2014-10-28 13:05 - 2014-11-11 15:08 - 00000000 ____D () C:\Users\Privat\Downloads\Cd teil
2014-10-28 13:05 - 2014-10-28 13:05 - 00237261 _____ () C:\Users\Privat\Downloads\CDPatcher.zip
2014-10-28 12:55 - 2014-10-28 12:55 - 00005444 _____ () C:\Users\Privat\Downloads\relink.us__sidmecivi.iso_11f422c9c7b724e5e2bfe1c6ff3466.dlc
2014-10-22 10:39 - 2014-10-22 10:39 - 00000000 ____D () C:\Users\Privat\Downloads\saveedit_r7
2014-10-22 10:36 - 2014-10-22 10:37 - 01219525 _____ () C:\Users\Privat\Downloads\saveedit_r7.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 09:15 - 2009-07-14 05:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:15 - 2009-07-14 05:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:11 - 2013-02-20 17:01 - 01356488 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 09:07 - 2014-10-12 00:02 - 00036960 _____ () C:\Windows\PFRO.log
2014-11-21 09:07 - 2014-10-09 05:07 - 00014840 _____ () C:\Windows\setupact.log
2014-11-21 09:07 - 2013-12-13 17:06 - 00000000 ____D () C:\Users\Privat\AppData\Local\LogMeIn Hamachi
2014-11-21 09:07 - 2013-02-20 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-21 09:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 09:05 - 2014-04-06 00:18 - 00000000 ____D () C:\AdwCleaner
2014-11-21 09:00 - 2013-03-15 23:49 - 00000000 ____D () C:\Users\Privat\AppData\Local\TSVNCache
2014-11-21 00:51 - 2013-02-21 15:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2014-11-21 00:50 - 2013-10-04 19:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2014-11-21 00:32 - 2013-02-21 15:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 10:06 - 2014-06-02 12:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-19 20:52 - 2013-02-21 17:31 - 00000000 ____D () C:\Users\Privat\AppData\Local\Apps\2.0
2014-11-19 20:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 20:44 - 2013-03-16 19:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-19 12:05 - 2013-02-21 15:25 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-19 12:04 - 2013-02-20 17:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 21:18 - 2014-10-15 14:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-18 12:33 - 2014-04-13 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2014-11-18 11:01 - 2013-08-27 22:59 - 00000000 ____D () C:\Star Wars JK II Jedi Outcast
2014-11-18 10:59 - 2013-02-22 09:57 - 00000000 ____D () C:\ProgramData\Skype
2014-11-18 10:58 - 2014-04-13 12:38 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2014-11-18 10:58 - 2014-04-13 12:38 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\InstallShield Installation Information
2014-11-18 10:57 - 2014-04-13 13:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2014-11-18 10:57 - 2013-02-22 11:40 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 10:54 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 10:49 - 2014-06-15 12:24 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-11-18 10:49 - 2014-06-15 12:22 - 00000000 ____D () C:\2-click run
2014-11-18 10:36 - 2013-05-01 12:25 - 00000063 _____ () C:\Windows\SIERRA.INI
2014-11-18 10:34 - 2013-04-15 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-11-18 10:29 - 2014-06-27 07:58 - 00000000 ____D () C:\Creeper World 3
2014-11-18 10:07 - 2013-02-21 17:31 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2014-11-18 10:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-17 02:53 - 2014-05-06 22:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 12:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 11:30 - 2014-10-09 05:06 - 00295360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 11:27 - 2013-08-06 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 11:27 - 2013-02-20 18:21 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 07:09 - 2011-04-12 08:43 - 00700500 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 07:09 - 2011-04-12 08:43 - 00150138 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 07:09 - 2009-07-14 06:13 - 01624234 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 22:01 - 2013-03-16 19:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-12 20:32 - 2013-02-21 15:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 20:32 - 2013-02-21 15:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 20:32 - 2013-02-21 15:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 08:24 - 2014-09-02 20:11 - 00000219 _____ () C:\Users\Privat\Desktop\Diablo 3 Bot key.txt
2014-11-11 10:30 - 2013-02-21 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 19:23 - 2013-02-21 15:25 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-05 14:53 - 2013-02-25 11:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\uTorrent
2014-11-04 13:39 - 2013-03-10 00:10 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\.minecraft
2014-10-29 19:55 - 2013-10-28 11:52 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-29 17:43 - 2013-02-21 15:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-28 12:28 - 2013-03-18 16:18 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2014-10-28 11:40 - 2014-06-02 13:31 - 00000000 ____D () C:\Users\Privat\Downloads\SpeedAutoClicker
2014-10-26 10:15 - 2014-08-28 11:38 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler

Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\Temp\Quarantine.exe
C:\Users\Privat\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 12:47

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Privat at 2014-11-21 09:15:58
Running from C:\Users\Privat\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Remember Me»  1.0.2056.0 (HKLM-x32\...\Remember Me_is1) (Version: 1.0.2056.0 - CAPCOM)
µTorrent (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
AC3-Deu-x64 1.00 (HKLM-x32\...\AC3-Deu-x64 1.00) (Version: 1.00 - Hexa-keys.de)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Armies of Exigo (HKLM-x32\...\Armies of Exigo_is1) (Version:  - )
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Cave Story (HKLM-x32\...\Cave Story) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chantelise (HKLM-x32\...\Steam App 70420) (Version:  - EasyGameStation)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Craft The World (HKLM-x32\...\Steam App 248390) (Version:  - )
Curse Client (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Darkspore™ (HKLM-x32\...\{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}) (Version: 1.00.0000 - Electronic Arts)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
Dominions 4 - Thrones of Ascension (HKLM-x32\...\Dominions 4 - Thrones of Ascension1.1) (Version: 1.1 - Foxy Games)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)
Electronic Super Joy: Groove City (HKLM-x32\...\Steam App 301460) (Version:  - Michael Todd Games)
eMule (HKLM-x32\...\eMule) (Version:  - )
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fortune Summoners: Secret of the Elemental Stone (HKLM-x32\...\Steam App 203510) (Version:  - Lizsoft)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Screen Video Recorder version 2.5.31.1022 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.31.1022 - DVDVideoSoft Ltd.)
GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate (HKLM-x32\...\{65DF3688-6EF3-4C86-83DE-54AB46029F07}) (Version: 2.0.0.3 - Hanbit Soft)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Honorbuddy (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\{c5d18628-1abd-4da7-a0cd-108ba608da79}) (Version: 2.5.10945.744 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.10945.744 - Bossland GmbH) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Kohan II Kings of War (HKLM-x32\...\InstallShield_{F96A02BA-8F24-44D4-AC69-EE4CAD772290}) (Version: 0.2.0.0 - TimeGate Studios)
Kohan II Kings of War (x32 Version: 0.2.0.0 - TimeGate Studios) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magic Workstation 0.94f (HKLM-x32\...\Magic Workstation_is1) (Version:  - Magic Technology)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1) (Version:  - )
Mass Effect 3 (c) Bioware version 1 (HKLM-x32\...\TWFzcyBFZmZlY3QgMyAoYykgQmlvd2FyZQ==_is1) (Version: 1 - )
Mass Effect 3 Firefight DLC 1.00 (HKLM-x32\...\Mass Effect 3 Firefight DLC 1.00) (Version:  - )
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
MegaTrainer eXperience V1.2.5.6 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Miku Dark Vocaloid3 Library (HKLM-x32\...\Miku Dark Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Miku Soft Vocaloid3 Library (HKLM-x32\...\Miku Soft Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
ParaWorld (HKLM-x32\...\{EAA01BA0-6991-4296-A404-4FFF2DAC2225}) (Version: 1.00 - Sunflowers)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.2-1.0.6555.3 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Red Faction Guerrilla (HKLM-x32\...\InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}) (Version: 1.00.0000 - Volition Inc.)
Red Faction Guerrilla (x32 Version: 1.00.0000 - Volition Inc.) Hidden
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Samsung CLP-360 Series (HKLM-x32\...\Samsung CLP-360 Series) (Version: 1.07 (25.02.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.70.02(21.09.2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version:  - DPad Studios)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sins of a Solar Empire Rebellion (c) Stardock version 1 (HKLM-x32\...\Sins of a Solar Empire Rebellion (c) Stardock_is1) (Version: 1 - )
Space Run (HKLM-x32\...\Steam App 275670) (Version:  - Passtech Games)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
SPORE™ Galaktische Abenteuer (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Tropico 4 1.00 (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Tropico 4) (Version: 1.00 - Kalypso Media)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.122 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Vocaloid3 Free Edition v3.0.5.0 (HKLM-x32\...\Vocaloid3 Free Edition v3.0.5.0_is1) (Version: Vocaloid3 Free Edition v3.0.5.0 - )
VVVVVV (Window v1.0) (HKLM-x32\...\{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1) (Version:  - Terry Cavanagh)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WeGame Client 2.4.3.0 (HKLM-x32\...\12345_is1) (Version: 2.4.3.0 - WeGame.com, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XLink Kai (HKLM-x32\...\{68698000-12EF-4B09-8A80-1C44BE7FF76B}) (Version: 7.4.26.0 - Team XLink)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{0c648402-45fe-4fd4-af02-244c74687711}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{0d59693a-5e3e-413a-90ab-7a7af12c988e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{1434a289-0e6d-4f32-9374-96d593732bb9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2549cc27-4bcb-4f26-9e29-b2acfbf22ecf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2cd4e7ef-3985-4b7d-bf9b-9f5698f058ae}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2f7a7067-3c0c-4126-9d45-6f3119a22f22}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{3794ecb7-d216-435c-b437-0578bb1373e4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{39a79074-1e2f-4b17-be08-a23c0d6fc2ff}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{3fc73614-c9f4-4a88-8bb7-36e8c2680364}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{4968d3ac-79e0-4c40-901a-bf7f1d7d714f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5052c3ca-b29a-4d5f-8765-c670bc6282ad}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{521215e6-cafb-4139-a411-781ffc69ec5c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{58ce203d-18ac-411a-82e3-b0a4ed5c7c8b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5956bc0f-b5e8-4e10-84bc-50beb2f58207}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{59bbcca9-cda2-4958-ae5e-659a55b0014a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5d278f15-30f1-483f-8eb7-7b115f73e647}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5d4eca92-7634-4ada-8803-81fb5480f9bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5fc89f7a-a180-4d5a-a0f8-1d05fc56d1a7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6270117a-25fb-4e5d-ac22-40f6ac2e89e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{66dd8465-7ed7-45dd-aaab-81893ee157af}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6d5f192d-ce46-4778-a172-33d0ae5dd49d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6e4e9bda-a06e-4382-ab86-4f5ef064b45e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{71a1962a-ee7b-45a4-beb1-0d23380a9e0e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7933c0a8-a94b-4584-90ee-e21de76b6921}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7f4a8ee4-8991-41cf-8eae-18e70f279d6e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7f753600-fe57-40b4-a896-3e2841534682}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{8770452f-0c1d-444a-9474-29e23ecac5c0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{89e1710d-e2b4-447d-aa2c-a085d988c074}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{91ae327d-1f5d-433f-a179-5440e5c7c126}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{997c8920-fd54-4cbd-a9dc-35f02e49091d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{9fb4dedd-6285-4e33-a4ec-c018ca889e73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{a89b61fa-5676-4f81-989d-d19ad0e5d8af}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ae1d19e7-0ce8-4a38-a51c-b6c203909bf5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{b07d9d29-3804-4423-885e-7587b5dc2790}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{b8412bfb-eb4b-43aa-b9b4-ce3e19b19baf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ba5c303c-ab4b-48ed-93e0-d28613e2c698}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{bb1257c4-2310-4bb7-91b7-832e98755ea2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c4c7bb01-4688-4085-904a-c40197666f4f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c6771431-c5e5-433a-9f76-3fe56f1c99bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c6b85316-d475-45b9-9afc-4c21c7ade0fc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{cc75ed99-f5a6-4d54-b0d2-471120910431}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ce136395-51a2-4623-b80e-fbca55b895b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{cef39d29-8d62-4bd5-a684-e5eee3965400}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{d3a35810-766a-4449-b274-5d05df60fe0b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{dfb6d729-4e4e-4f05-8fb7-aa6df6200490}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{fa9c0b42-bc83-44c5-958f-6aeebebf13e4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{fba062fa-ad1c-4cc8-ad3a-a892dd2350db}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

20-11-2014 00:06:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-19 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B96E333-4B53-4646-BFD8-DEBF5A3E5316} - System32\Tasks\{74CBD05A-2D9C-4AC7-A526-170533981E12} => D:\Chrome SpecForce\SpecForce.exe
Task: {1F6C01A4-CD94-4834-A9CD-B772E3F72E18} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-10-11] (TuneUp Software)
Task: {3BF549C7-659F-4C31-96E3-EAF4F2A26866} - System32\Tasks\{327509F3-8BA3-4E7E-9A21-B1B328C2E194} => C:\Creeper World 3 Arc Eternal\CW3.exe
Task: {962BF8C8-6C14-4F95-AE38-CF73CFFFF50D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {9EB7E2F1-A976-41D4-A3E3-49B3DDD28AF7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {B64C2150-82D2-4C98-83B7-469CB12FEFF9} - System32\Tasks\{AB82291C-06B1-4FFF-B661-D67F1257B6CA} => D:\Turok 2008\Binaries\TurokGame.exe
Task: {C88FC024-8E77-4FA7-81EA-59FF916653F2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {CC78BBCB-35A4-45FE-8051-8ACCDA93580A} - System32\Tasks\{87939DD5-0693-4AFF-A360-B9BC08DF4B51} => D:\Chrome SpecForce\SpecForce.exe
Task: {FC03E965-4CD7-44EA-9115-495AC5450AAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 12:00 - 2012-01-09 12:38 - 00034304 _____ () C:\Windows\System32\sst6clm.dll
2013-02-20 17:30 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-21 21:39 - 2014-02-10 13:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-11 14:02 - 2013-10-11 14:02 - 00753464 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2012-12-12 21:37 - 2012-12-12 21:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-12-12 23:36 - 2013-12-12 23:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

========================= Accounts: ==========================

Administrator (S-1-5-21-3639632852-3389204036-3798740433-500 - Administrator - Disabled)
Gast (S-1-5-21-3639632852-3389204036-3798740433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3639632852-3389204036-3798740433-1003 - Limited - Enabled)
Privat (S-1-5-21-3639632852-3389204036-3798740433-1000 - Administrator - Enabled) => C:\Users\Privat

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-19 20:44:41.503
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-19 20:44:41.471
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 54%
Total physical RAM: 4087.08 MB
Available physical RAM: 1875.89 MB
Total Pagefile: 8172.34 MB
Available Pagefile: 5940.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:9.64 GB) NTFS
Drive d: () (Fixed) (Total:278.32 GB) (Free:72.7 GB) NTFS
Drive e: () (Fixed) (Total:506.71 GB) (Free:117.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 79A3541B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=278.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=506.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 22.11.2014, 08:51

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Franky10 · 22.11.2014, 21:37

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58746c3f0020e643838544b3ab1b0e36
# engine=21215
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-22 12:55:59
# local_time=2014-11-22 01:55:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 43140189 168290809 0 0
# scanned=499472
# found=22
# cleaned=0
# scan_time=11569
sh=A5D4D1472CD365B05C10F2A324048A339FCE483A ft=1 fh=a001a55405d17196 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=0295D35699B2140BBB9587B6628DDB394847F15D ft=1 fh=e16bddca39b92870 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=35BBC389C51058C3D10C821A0D9DF7460AA03709 ft=1 fh=76f133bb8e8687d2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1387194519442.vir"
sh=35BBC389C51058C3D10C821A0D9DF7460AA03709 ft=1 fh=76f133bb8e8687d2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1387194519452.vir"
sh=CD1C24A1EEBA7BF42ACAE7BB816BA4CB44248EA7 ft=1 fh=fbc6405e97975547 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=B8E13BA427AD7DA77629A1D280A44F16564BBA3F ft=1 fh=206045b78442ee8f vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=BAFB304CFCFCA21BBFE37B69725C732D4133752A ft=1 fh=72ec2f035966a73c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=90809E3D95CBE0CAD03FD031B7C2A21ACBB09C65 ft=1 fh=e0e2f26ba48b3fbb vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=CE3FEE449AE8F548152E3DEE5EBE6885C8DDC8B0 ft=1 fh=52bfba53a8df10b3 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=15B12AE8233A6E3B4806C081D34159E76C92C67D ft=1 fh=53d4432bf5a930f9 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=3A72EA463E0B4C53F8A51E01DCECF75FCC275ABC ft=1 fh=2853ce8437dbfac9 vn="Variante von Generik.MMSTKML Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\msrmfn.exe.vir"
sh=2868B1D76C573ED43D45E3125A7C7B46B81EB8D9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\prefs.js"
sh=470C8FCE76DD2E9DF965E1B68CF0E6A019938133 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\prefs.js.BAK"
sh=45CC5EF1F32D7977966C90FE9D27EE806F706909 ft=1 fh=63ba91cba69603ac vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\Downloads\FRAPS - CHIP-Downloader.exe"
sh=E8665F76D4B52A8A79F999B3965D6468993DFC62 ft=1 fh=e82177a4423da96d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\Downloads\vpsetup-Downloader.exe"
sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Users\Privat\Downloads\Metro.Last.Light.Update2.Cracked\Metro.Last.Light.Update2.Cracked\steam_api.dll"
sh=03830A0E7AEE562C3467657E3A7A63FF65067A56 ft=1 fh=2d5de6a4c3b1cd41 vn="BAT/TrojanDownloader.wGet.CI Trojaner" ac=I fn="C:\Windows\System32\Setup.exe"
sh=03830A0E7AEE562C3467657E3A7A63FF65067A56 ft=1 fh=2d5de6a4c3b1cd41 vn="BAT/TrojanDownloader.wGet.CI Trojaner" ac=I fn="C:\Windows\SysWOW64\Setup.exe"
sh=D0B839A60191DB98543978E0E351B380F119F328 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.VB.QME Trojaner" ac=I fn="D:\Downloads\Sexual Fantasy Kingdom vol. 1 Galaxy Edition.rar"
sh=E77828791C6B814E74B663CFE196512DA2487219 ft=0 fh=0000000000000000 vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Monster Girl Quest Complete\mod\Spirits\Messenger Plus! Live 5.00.702.zip"
sh=708D0E6816F8B8CD709CF7D1CD2EAAC67FEE5EAD ft=1 fh=441ef35990086bba vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Monster Girl Quest Complete\mod\Spirits\Setup-MsgPlus-511.exe"
sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="E:\Metro Last Light\steam_api.dll"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Trojan Remover 6.9.1   
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (de-DE) 
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by Privat (administrator) on PRIVAT-PC on 22-11-2014 21:35:55
Running from C:\Users\Privat\Downloads
Loaded Profile: Privat (Available profiles: Privat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\LogMeIn Hamachi\LMIGuardianSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
() C:\Users\Privat\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrojanScanner] => C:\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x061DAC5E614FCE01
HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000 -> DefaultScope {30239514-A9AC-4AAC-A350-5480C44E8EDA} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE585D20140801&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000 -> {30239514-A9AC-4AAC-A350-5480C44E8EDA} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE585D20140801&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE585&p=
FF NetworkProxy: "backup.ftp", "37.187.85.128"
FF NetworkProxy: "backup.ftp_port", 8081
FF NetworkProxy: "backup.socks", "37.187.85.128"
FF NetworkProxy: "backup.socks_port", 8081
FF NetworkProxy: "backup.ssl", "37.187.85.128"
FF NetworkProxy: "backup.ssl_port", 8081
FF NetworkProxy: "ftp", "37.187.85.128"
FF NetworkProxy: "ftp_port", 8081
FF NetworkProxy: "http", "37.187.85.128"
FF NetworkProxy: "http_port", 8081
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "37.187.85.128"
FF NetworkProxy: "socks_port", 8081
FF NetworkProxy: "ssl", "37.187.85.128"
FF NetworkProxy: "ssl_port", 8081
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Privat\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Privat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3639632852-3389204036-3798740433-1000: ubisoft.com/uplaypc -> C:\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: FoxyProxy Standard - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\foxyproxy@eric.h.jung [2014-09-06]
FF Extension: ProxTube - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Adblock Plus - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\xv3oqpim.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0246511416648554mcinstcleanup; C:\Users\Privat\AppData\Local\Temp\024651~1.EXE [836168 2014-03-13] (McAfee, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; C:\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.)
S4 IconMan_R; C:\Program Files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-10-11] (TuneUp Software)
S4 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-28] (WeGame.com, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-16] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-26] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2013-07-21] (microOLAP Technologies LTD)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 21:35 - 2014-11-22 21:36 - 00017711 _____ () C:\Users\Privat\Downloads\FRST.txt
2014-11-22 21:32 - 2014-11-22 21:32 - 00854414 _____ () C:\Users\Privat\Desktop\SecurityCheck.exe
2014-11-22 10:27 - 2014-11-22 10:28 - 03480040 _____ (McAfee, Inc.) C:\Users\Privat\Downloads\MCPR76.exe
2014-11-21 10:27 - 2014-11-21 10:27 - 00861000 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel(2).CT
2014-11-21 09:15 - 2014-11-22 21:35 - 00000000 ____D () C:\Users\Privat\Downloads\FRST-OlderVersion
2014-11-21 09:15 - 2014-11-21 09:16 - 00048511 _____ () C:\Users\Privat\Desktop\FRST.txt
2014-11-21 09:15 - 2014-11-21 09:16 - 00037427 _____ () C:\Users\Privat\Desktop\Addition.txt
2014-11-21 09:13 - 2014-11-21 09:13 - 00001050 _____ () C:\Users\Privat\Desktop\JRT.txt
2014-11-21 09:10 - 2014-11-21 09:10 - 01707532 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe
2014-11-21 09:10 - 2014-11-21 09:10 - 00000000 ____D () C:\Windows\ERUNT
2014-11-21 09:08 - 2014-11-21 09:08 - 00002485 _____ () C:\Users\Privat\Desktop\AdwCleaner[S2].txt
2014-11-21 09:02 - 2014-11-21 09:03 - 02140160 _____ () C:\Users\Privat\Desktop\AdwCleaner_4.101.exe
2014-11-21 09:02 - 2014-11-21 09:02 - 00001981 _____ () C:\Users\Privat\Desktop\mbam.txt
2014-11-21 08:42 - 2014-11-21 09:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 08:42 - 2014-11-21 08:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-21 08:42 - 2014-11-21 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-21 08:42 - 2014-11-21 08:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 08:42 - 2014-11-21 08:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-21 08:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 08:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 08:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 20:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 20:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 20:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 20:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 20:52 - 2014-11-19 20:52 - 00028080 _____ () C:\ComboFix.txt
2014-11-19 20:32 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 20:32 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 20:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 20:32 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 20:26 - 2014-11-19 20:52 - 00000000 ____D () C:\Qoobox
2014-11-19 20:26 - 2014-11-19 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 20:24 - 2014-11-19 20:24 - 05598306 _____ (Swearware) C:\Users\Privat\Downloads\ComboFix (1).exe
2014-11-19 20:23 - 2014-11-19 20:23 - 05598306 ____R (Swearware) C:\Users\Privat\Desktop\ComboFix.exe
2014-11-19 12:07 - 2014-11-19 12:07 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Privat\Desktop\tdsskiller.exe
2014-11-18 10:48 - 2014-11-22 21:35 - 02118144 _____ (Farbar) C:\Users\Privat\Downloads\FRST64.exe
2014-11-18 10:48 - 2014-11-22 21:35 - 00000000 ____D () C:\FRST
2014-11-18 10:01 - 2014-11-19 20:41 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-18 10:01 - 2014-11-18 10:01 - 00000738 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-11-18 10:01 - 2014-11-18 10:01 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-18 10:00 - 2014-11-18 10:01 - 21657592 _____ (Simply Super Software ) C:\Users\Privat\Downloads\trjsetup.exe
2014-11-18 09:59 - 2014-11-18 09:59 - 00000000 ____D () C:\Users\Privat\Documents\Simply Super Software
2014-11-18 09:58 - 2014-11-18 10:01 - 00000000 ____D () C:\Trojan Remover
2014-11-18 09:58 - 2014-11-18 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-11-18 09:58 - 2014-11-18 09:58 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-11-17 09:46 - 2014-11-17 09:46 - 00000000 __SHD () C:\Users\Privat\AppData\Local\EmieBrowserModeList
2014-11-13 18:34 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:34 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:34 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:34 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:34 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:34 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:34 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:34 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:34 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:34 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:34 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:34 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:34 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:34 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:34 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:34 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:34 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:34 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:34 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:34 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:34 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 18:34 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:34 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 18:34 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:34 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 18:34 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:34 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:34 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:34 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:34 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:34 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 18:34 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:34 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 18:34 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 18:34 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:34 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:34 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 18:34 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:34 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:34 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:34 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:34 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:34 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:34 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:34 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:34 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:34 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:34 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:34 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 18:34 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:34 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:34 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:34 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:34 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:34 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:34 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 18:34 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:34 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:34 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:34 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:34 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:34 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:34 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:34 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:34 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 18:34 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 18:34 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:34 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:31 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:31 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 18:31 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 18:31 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:31 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:31 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:31 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 18:31 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:31 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 18:30 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:30 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 18:30 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 18:29 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:29 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:29 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:29 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:29 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:29 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:29 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:01 - 2014-11-11 22:01 - 01279428 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel.CT
2014-11-11 15:03 - 2014-11-11 15:44 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11936.755
2014-11-11 15:03 - 2014-11-11 15:03 - 13162501 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11936.755.zip
2014-11-10 20:08 - 2014-11-10 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 19:26 - 2014-11-13 18:10 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Qytir
2014-11-06 19:26 - 2014-11-13 11:14 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Xunoo
2014-11-05 20:26 - 2014-11-06 07:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Udabc
2014-11-05 20:26 - 2014-11-05 20:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Zyzoki
2014-11-05 18:59 - 2014-11-05 18:59 - 01055936 _____ (Adobe) C:\Users\Privat\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe
2014-11-05 15:22 - 2014-11-05 15:22 - 00682488 _____ () C:\Users\Privat\Downloads\SC2_v2.1.6.32540 All.CT
2014-11-05 07:37 - 2014-11-05 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-05 07:37 - 2014-11-05 07:37 - 00000000 ____D () C:\LogMeIn Hamachi
2014-11-03 00:13 - 2014-11-03 00:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Savant_Ascent
2014-11-01 15:33 - 2014-11-01 15:33 - 01013777 _____ () C:\Users\Privat\Downloads\BorderlandsPreSequel(1).CT
2014-10-30 17:32 - 2014-10-30 17:33 - 06180521 _____ () C:\Users\Privat\Downloads\buddy-profiles.honorbuddy.rar
2014-10-30 17:15 - 2014-10-30 17:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Bossland
2014-10-30 17:06 - 2014-11-11 15:04 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11875.753
2014-10-30 17:01 - 2014-10-30 17:02 - 13360657 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11875.753.zip
2014-10-29 17:43 - 2014-10-29 17:44 - 00000000 ____D () C:\Users\Privat\Documents\Heroes of the Storm
2014-10-29 15:34 - 2014-10-29 15:34 - 00000688 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-10-28 16:30 - 2014-10-28 16:30 - 00002060 _____ () C:\Users\Privat\Downloads\moneytype.lua
2014-10-28 16:14 - 2014-10-28 16:14 - 00150719 _____ () C:\Users\Privat\Downloads\Shinkansen Sid Meier's Civilization Beyond Earth V1004.CT
2014-10-28 16:08 - 2014-10-28 16:08 - 00052450 _____ () C:\Users\Privat\Downloads\Shinkansen Sid Meier's Civilization Beyond Earth V1000.CT
2014-10-28 13:08 - 2014-10-28 13:08 - 00000000 ____D () C:\Users\Privat\Downloads\Honorbuddy 2.5.11837.752
2014-10-28 13:07 - 2014-10-28 13:07 - 13180572 _____ () C:\Users\Privat\Downloads\Honorbuddy 2.5.11837.752.zip
2014-10-28 13:05 - 2014-11-11 15:08 - 00000000 ____D () C:\Users\Privat\Downloads\Cd teil
2014-10-28 13:05 - 2014-10-28 13:05 - 00237261 _____ () C:\Users\Privat\Downloads\CDPatcher.zip
2014-10-28 12:55 - 2014-10-28 12:55 - 00005444 _____ () C:\Users\Privat\Downloads\relink.us__sidmecivi.iso_11f422c9c7b724e5e2bfe1c6ff3466.dlc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 21:32 - 2013-02-21 15:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 21:30 - 2013-02-21 15:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2014-11-22 20:50 - 2013-02-20 17:01 - 01412377 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 11:56 - 2013-10-04 19:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2014-11-22 10:44 - 2009-07-14 05:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 10:44 - 2009-07-14 05:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 10:37 - 2014-10-12 00:02 - 00069858 _____ () C:\Windows\PFRO.log
2014-11-22 10:37 - 2014-10-09 05:07 - 00015176 _____ () C:\Windows\setupact.log
2014-11-22 10:37 - 2013-12-13 17:06 - 00000000 ____D () C:\Users\Privat\AppData\Local\LogMeIn Hamachi
2014-11-22 10:37 - 2013-03-15 23:49 - 00000000 ____D () C:\Users\Privat\AppData\Local\TSVNCache
2014-11-22 10:37 - 2013-02-20 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-22 10:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 10:30 - 2013-05-31 15:35 - 00000000 ____D () C:\Users\Sven
2014-11-22 10:30 - 2013-02-28 11:32 - 00000000 ____D () C:\Users\hedev
2014-11-22 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-21 11:35 - 2014-06-02 12:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-21 09:05 - 2014-04-06 00:18 - 00000000 ____D () C:\AdwCleaner
2014-11-19 20:52 - 2013-02-21 17:31 - 00000000 ____D () C:\Users\Privat\AppData\Local\Apps\2.0
2014-11-19 20:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 20:44 - 2013-03-16 19:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-19 12:04 - 2013-02-20 17:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 21:18 - 2014-10-15 14:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-18 12:33 - 2014-04-13 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2014-11-18 11:01 - 2013-08-27 22:59 - 00000000 ____D () C:\Star Wars JK II Jedi Outcast
2014-11-18 10:59 - 2013-02-22 09:57 - 00000000 ____D () C:\ProgramData\Skype
2014-11-18 10:58 - 2014-04-13 12:38 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2014-11-18 10:58 - 2014-04-13 12:38 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\InstallShield Installation Information
2014-11-18 10:57 - 2014-04-13 13:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2014-11-18 10:57 - 2013-02-22 11:40 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 10:54 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 10:49 - 2014-06-15 12:24 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-11-18 10:49 - 2014-06-15 12:22 - 00000000 ____D () C:\2-click run
2014-11-18 10:36 - 2013-05-01 12:25 - 00000063 _____ () C:\Windows\SIERRA.INI
2014-11-18 10:34 - 2013-04-15 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-11-18 10:29 - 2014-06-27 07:58 - 00000000 ____D () C:\Creeper World 3
2014-11-18 10:07 - 2013-02-21 17:31 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2014-11-18 10:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-17 02:53 - 2014-05-06 22:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 11:30 - 2014-10-09 05:06 - 00295360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 11:27 - 2013-08-06 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 11:27 - 2013-02-20 18:21 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 07:09 - 2011-04-12 08:43 - 00700500 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 07:09 - 2011-04-12 08:43 - 00150138 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 07:09 - 2009-07-14 06:13 - 01624234 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 22:01 - 2013-03-16 19:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-12 20:32 - 2013-02-21 15:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 20:32 - 2013-02-21 15:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 20:32 - 2013-02-21 15:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 08:24 - 2014-09-02 20:11 - 00000219 _____ () C:\Users\Privat\Desktop\Diablo 3 Bot key.txt
2014-11-11 10:30 - 2013-02-21 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 14:53 - 2013-02-25 11:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\uTorrent
2014-11-04 13:39 - 2013-03-10 00:10 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\.minecraft
2014-10-29 19:55 - 2013-10-28 11:52 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-29 17:43 - 2013-02-21 15:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-28 12:28 - 2013-03-18 16:18 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2014-10-28 11:40 - 2014-06-02 13:31 - 00000000 ____D () C:\Users\Privat\Downloads\SpeedAutoClicker
2014-10-26 10:15 - 2014-08-28 11:38 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler

Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\Temp\0246511416648554mcinst.exe
C:\Users\Privat\AppData\Local\Temp\Quarantine.exe
C:\Users\Privat\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 12:47

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014 01
Ran by Privat at 2014-11-22 21:36:25
Running from C:\Users\Privat\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Remember Me»  1.0.2056.0 (HKLM-x32\...\Remember Me_is1) (Version: 1.0.2056.0 - CAPCOM)
µTorrent (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
AC3-Deu-x64 1.00 (HKLM-x32\...\AC3-Deu-x64 1.00) (Version: 1.00 - Hexa-keys.de)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Armies of Exigo (HKLM-x32\...\Armies of Exigo_is1) (Version:  - )
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Cave Story (HKLM-x32\...\Cave Story) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chantelise (HKLM-x32\...\Steam App 70420) (Version:  - EasyGameStation)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Craft The World (HKLM-x32\...\Steam App 248390) (Version:  - )
Curse Client (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Darkspore™ (HKLM-x32\...\{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}) (Version: 1.00.0000 - Electronic Arts)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
Dominions 4 - Thrones of Ascension (HKLM-x32\...\Dominions 4 - Thrones of Ascension1.1) (Version: 1.1 - Foxy Games)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)
Electronic Super Joy: Groove City (HKLM-x32\...\Steam App 301460) (Version:  - Michael Todd Games)
eMule (HKLM-x32\...\eMule) (Version:  - )
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fortune Summoners: Secret of the Elemental Stone (HKLM-x32\...\Steam App 203510) (Version:  - Lizsoft)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Screen Video Recorder version 2.5.31.1022 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.31.1022 - DVDVideoSoft Ltd.)
GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate (HKLM-x32\...\{65DF3688-6EF3-4C86-83DE-54AB46029F07}) (Version: 2.0.0.3 - Hanbit Soft)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Honorbuddy (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\{c5d18628-1abd-4da7-a0cd-108ba608da79}) (Version: 2.5.10945.744 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.10945.744 - Bossland GmbH) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Kohan II Kings of War (HKLM-x32\...\InstallShield_{F96A02BA-8F24-44D4-AC69-EE4CAD772290}) (Version: 0.2.0.0 - TimeGate Studios)
Kohan II Kings of War (x32 Version: 0.2.0.0 - TimeGate Studios) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magic Workstation 0.94f (HKLM-x32\...\Magic Workstation_is1) (Version:  - Magic Technology)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1) (Version:  - )
Mass Effect 3 (c) Bioware version 1 (HKLM-x32\...\TWFzcyBFZmZlY3QgMyAoYykgQmlvd2FyZQ==_is1) (Version: 1 - )
Mass Effect 3 Firefight DLC 1.00 (HKLM-x32\...\Mass Effect 3 Firefight DLC 1.00) (Version:  - )
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
MegaTrainer eXperience V1.2.5.6 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Miku Dark Vocaloid3 Library (HKLM-x32\...\Miku Dark Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Miku Soft Vocaloid3 Library (HKLM-x32\...\Miku Soft Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
ParaWorld (HKLM-x32\...\{EAA01BA0-6991-4296-A404-4FFF2DAC2225}) (Version: 1.00 - Sunflowers)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.2-1.0.6555.3 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Red Faction Guerrilla (HKLM-x32\...\InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}) (Version: 1.00.0000 - Volition Inc.)
Red Faction Guerrilla (x32 Version: 1.00.0000 - Volition Inc.) Hidden
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Samsung CLP-360 Series (HKLM-x32\...\Samsung CLP-360 Series) (Version: 1.07 (25.02.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.70.02(21.09.2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version:  - DPad Studios)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sins of a Solar Empire Rebellion (c) Stardock version 1 (HKLM-x32\...\Sins of a Solar Empire Rebellion (c) Stardock_is1) (Version: 1 - )
Space Run (HKLM-x32\...\Steam App 275670) (Version:  - Passtech Games)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
SPORE™ Galaktische Abenteuer (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Tropico 4 1.00 (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\Tropico 4) (Version: 1.00 - Kalypso Media)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.122 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-3639632852-3389204036-3798740433-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Vocaloid3 Free Edition v3.0.5.0 (HKLM-x32\...\Vocaloid3 Free Edition v3.0.5.0_is1) (Version: Vocaloid3 Free Edition v3.0.5.0 - )
VVVVVV (Window v1.0) (HKLM-x32\...\{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1) (Version:  - Terry Cavanagh)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WeGame Client 2.4.3.0 (HKLM-x32\...\12345_is1) (Version: 2.4.3.0 - WeGame.com, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XLink Kai (HKLM-x32\...\{68698000-12EF-4B09-8A80-1C44BE7FF76B}) (Version: 7.4.26.0 - Team XLink)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{0c648402-45fe-4fd4-af02-244c74687711}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{0d59693a-5e3e-413a-90ab-7a7af12c988e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{1434a289-0e6d-4f32-9374-96d593732bb9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2549cc27-4bcb-4f26-9e29-b2acfbf22ecf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2cd4e7ef-3985-4b7d-bf9b-9f5698f058ae}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{2f7a7067-3c0c-4126-9d45-6f3119a22f22}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{3794ecb7-d216-435c-b437-0578bb1373e4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{39a79074-1e2f-4b17-be08-a23c0d6fc2ff}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{3fc73614-c9f4-4a88-8bb7-36e8c2680364}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{4968d3ac-79e0-4c40-901a-bf7f1d7d714f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5052c3ca-b29a-4d5f-8765-c670bc6282ad}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{521215e6-cafb-4139-a411-781ffc69ec5c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{58ce203d-18ac-411a-82e3-b0a4ed5c7c8b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5956bc0f-b5e8-4e10-84bc-50beb2f58207}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{59bbcca9-cda2-4958-ae5e-659a55b0014a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5d278f15-30f1-483f-8eb7-7b115f73e647}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5d4eca92-7634-4ada-8803-81fb5480f9bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{5fc89f7a-a180-4d5a-a0f8-1d05fc56d1a7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6270117a-25fb-4e5d-ac22-40f6ac2e89e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{66dd8465-7ed7-45dd-aaab-81893ee157af}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6d5f192d-ce46-4778-a172-33d0ae5dd49d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{6e4e9bda-a06e-4382-ab86-4f5ef064b45e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{71a1962a-ee7b-45a4-beb1-0d23380a9e0e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7933c0a8-a94b-4584-90ee-e21de76b6921}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7f4a8ee4-8991-41cf-8eae-18e70f279d6e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{7f753600-fe57-40b4-a896-3e2841534682}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{8770452f-0c1d-444a-9474-29e23ecac5c0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{89e1710d-e2b4-447d-aa2c-a085d988c074}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{91ae327d-1f5d-433f-a179-5440e5c7c126}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{997c8920-fd54-4cbd-a9dc-35f02e49091d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{9fb4dedd-6285-4e33-a4ec-c018ca889e73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{a89b61fa-5676-4f81-989d-d19ad0e5d8af}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ae1d19e7-0ce8-4a38-a51c-b6c203909bf5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{b07d9d29-3804-4423-885e-7587b5dc2790}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{b8412bfb-eb4b-43aa-b9b4-ce3e19b19baf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ba5c303c-ab4b-48ed-93e0-d28613e2c698}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{bb1257c4-2310-4bb7-91b7-832e98755ea2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c4c7bb01-4688-4085-904a-c40197666f4f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c6771431-c5e5-433a-9f76-3fe56f1c99bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{c6b85316-d475-45b9-9afc-4c21c7ade0fc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{cc75ed99-f5a6-4d54-b0d2-471120910431}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{ce136395-51a2-4623-b80e-fbca55b895b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{cef39d29-8d62-4bd5-a684-e5eee3965400}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{d3a35810-766a-4449-b274-5d05df60fe0b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{dfb6d729-4e4e-4f05-8fb7-aa6df6200490}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{fa9c0b42-bc83-44c5-958f-6aeebebf13e4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639632852-3389204036-3798740433-1000_Classes\CLSID\{fba062fa-ad1c-4cc8-ad3a-a892dd2350db}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

22-11-2014 13:30:56 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-19 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B96E333-4B53-4646-BFD8-DEBF5A3E5316} - System32\Tasks\{74CBD05A-2D9C-4AC7-A526-170533981E12} => D:\Chrome SpecForce\SpecForce.exe
Task: {1F6C01A4-CD94-4834-A9CD-B772E3F72E18} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-10-11] (TuneUp Software)
Task: {3BF549C7-659F-4C31-96E3-EAF4F2A26866} - System32\Tasks\{327509F3-8BA3-4E7E-9A21-B1B328C2E194} => C:\Creeper World 3 Arc Eternal\CW3.exe
Task: {962BF8C8-6C14-4F95-AE38-CF73CFFFF50D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {9EB7E2F1-A976-41D4-A3E3-49B3DDD28AF7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {B64C2150-82D2-4C98-83B7-469CB12FEFF9} - System32\Tasks\{AB82291C-06B1-4FFF-B661-D67F1257B6CA} => D:\Turok 2008\Binaries\TurokGame.exe
Task: {C88FC024-8E77-4FA7-81EA-59FF916653F2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {CC78BBCB-35A4-45FE-8051-8ACCDA93580A} - System32\Tasks\{87939DD5-0693-4AFF-A360-B9BC08DF4B51} => D:\Chrome SpecForce\SpecForce.exe
Task: {FC03E965-4CD7-44EA-9115-495AC5450AAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 12:00 - 2012-01-09 12:38 - 00034304 _____ () C:\Windows\System32\sst6clm.dll
2013-02-20 17:30 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-21 21:39 - 2014-02-10 13:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-11 14:02 - 2013-10-11 14:02 - 00753464 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2012-12-12 21:37 - 2012-12-12 21:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2014-11-22 21:32 - 2014-11-22 21:32 - 00854414 _____ () C:\Users\Privat\Desktop\SecurityCheck.exe
2013-12-12 23:36 - 2013-12-12 23:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00117704 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2012-10-29 11:08 - 2014-08-07 09:08 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-10 11:46 - 2014-08-07 09:08 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-14 14:40 - 2014-03-14 14:40 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

========================= Accounts: ==========================

Administrator (S-1-5-21-3639632852-3389204036-3798740433-500 - Administrator - Disabled)
Gast (S-1-5-21-3639632852-3389204036-3798740433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3639632852-3389204036-3798740433-1003 - Limited - Enabled)
Privat (S-1-5-21-3639632852-3389204036-3798740433-1000 - Administrator - Enabled) => C:\Users\Privat

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2014 09:30:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/22/2014 10:39:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/22/2014 10:39:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 10:37:43 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/22/2014 10:37:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: 024651~1.EXE, Version: 7.8.712.2, Zeitstempel: 0x5321d133
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7263694d
ID des fehlerhaften Prozesses: 0x668
Startzeit der fehlerhaften Anwendung: 0x024651~1.EXE0
Pfad der fehlerhaften Anwendung: 024651~1.EXE1
Pfad des fehlerhaften Moduls: 024651~1.EXE2
Berichtskennung: 024651~1.EXE3

Error: (11/22/2014 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 09:03:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/21/2014 10:28:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x19b4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (11/22/2014 00:33:42 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/22/2014 11:02:37 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARVIN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{484ED582-A314-4157-AC4F-B569A13FCFA1}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/22/2014 10:40:31 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/22/2014 10:37:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01a

Error: (11/22/2014 10:37:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee Application Installer Cleanup (0246511416648554)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/22/2014 10:37:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (11/22/2014 10:37:08 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.

Error: (11/22/2014 10:30:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (11/22/2014 10:01:38 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARVIN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{484ED582-A314-4157-AC4F-B569A13FCFA1}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/22/2014 09:03:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01a


Microsoft Office Sessions:
=========================
Error: (11/22/2014 09:30:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/22/2014 10:39:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVC7W14Z\esetsmartinstaller_deu.exe

Error: (11/22/2014 10:39:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 10:37:43 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/22/2014 10:37:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 024651~1.EXE7.8.712.25321d133unknown0.0.0.000000000c00000057263694d66801d00637ec011d39C:\Users\Privat\AppData\Local\Temp\024651~1.EXEunknown32de13e1-722b-11e4-986f-00016c6e4c57

Error: (11/22/2014 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 09:03:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/21/2014 10:28:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee800000030000142519b401d0056d85539adcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld041ce05-7160-11e4-ae56-00016c6e4c57


CodeIntegrity Errors:
===================================
  Date: 2014-11-19 20:44:41.503
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-19 20:44:41.471
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 52%
Total physical RAM: 4087.08 MB
Available physical RAM: 1945.16 MB
Total Pagefile: 8172.34 MB
Available Pagefile: 6074.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:10.7 GB) NTFS
Drive d: () (Fixed) (Total:278.32 GB) (Free:72.7 GB) NTFS
Drive e: () (Fixed) (Total:506.71 GB) (Free:117.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 79A3541B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=278.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=506.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 23.11.2014, 14:57

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Windows\System32\Setup.exe
C:\Windows\SysWOW64\Setup.exe
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE585&p=
FF NetworkProxy: "backup.ftp", "37.187.85.128"
FF NetworkProxy: "backup.ftp_port", 8081
FF NetworkProxy: "backup.socks", "37.187.85.128"
FF NetworkProxy: "backup.socks_port", 8081
FF NetworkProxy: "backup.ssl", "37.187.85.128"
FF NetworkProxy: "backup.ssl_port", 8081
FF NetworkProxy: "ftp", "37.187.85.128"
FF NetworkProxy: "ftp_port", 8081
FF NetworkProxy: "http", "37.187.85.128"
FF NetworkProxy: "http_port", 8081
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "37.187.85.128"
FF NetworkProxy: "socks_port", 8081
FF NetworkProxy: "ssl", "37.187.85.128"
FF NetworkProxy: "ssl_port", 8081
S2 0246511416648554mcinstcleanup; C:\Users\Privat\AppData\Local\Temp\024651~1.EXE [836168 2014-03-13] (McAfee, Inc.)
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Franky10 · 24.11.2014, 13:19

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by Privat at 2014-11-24 13:11:55 Run:1
Running from C:\Users\Privat\Downloads
Loaded Profile: Privat (Available profiles: Privat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\System32\Setup.exe
C:\Windows\SysWOW64\Setup.exe
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE585&p=
FF NetworkProxy: "backup.ftp", "37.187.85.128"
FF NetworkProxy: "backup.ftp_port", 8081
FF NetworkProxy: "backup.socks", "37.187.85.128"
FF NetworkProxy: "backup.socks_port", 8081
FF NetworkProxy: "backup.ssl", "37.187.85.128"
FF NetworkProxy: "backup.ssl_port", 8081
FF NetworkProxy: "ftp", "37.187.85.128"
FF NetworkProxy: "ftp_port", 8081
FF NetworkProxy: "http", "37.187.85.128"
FF NetworkProxy: "http_port", 8081
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "37.187.85.128"
FF NetworkProxy: "socks_port", 8081
FF NetworkProxy: "ssl", "37.187.85.128"
FF NetworkProxy: "ssl_port", 8081
S2 0246511416648554mcinstcleanup; C:\Users\Privat\AppData\Local\Temp\024651~1.EXE [836168 2014-03-13] (McAfee, Inc.)
Emptytemp:
         
*****************

"C:\Windows\System32\Setup.exe" => File/Directory not found.
"C:\Windows\SysWOW64\Setup.exe" => File/Directory not found.
Firefox Keyword.URL deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
0246511416648554mcinstcleanup => Service not found.
EmptyTemp: => Removed 8.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Vielen dank für die Hilfe, es hat soweit alles gut funktioniert und die Probleme die ich hatte sind fast alle behoben, nur eine Sache ist bisher leider nicht behoben, im Taskmanager unter Prozesse fehlt nach wie vor die Spalte Abbildname und ich konnte bisher leider nicht herausfinden wie ich die wieder angezeigt bekommen kann.

schrauber · 25.11.2014, 09:35

kannste mir davon mal einen Screenshot machen?

Franky10 · 25.11.2014, 10:01

25.11.2014, 09:35	#14
schrauber /// the machine /// TB-Ausbilder	Benutzerkontensteuerung Deaktiviert kannste mir davon mal einen Screenshot machen? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Benutzerkontensteuerung Deaktiviert

Plagegeister aller Art und deren Bekämpfung: Benutzerkontensteuerung Deaktiviert