|
Pests of all kinds and how to fight them: Uninstall of au_.exe deletes all files on the HD (Windows 7) |
18.01.2015, 05:55 | #1 |
| Before and after installing gImageReader (hxxp://sourceforge.net/projects/gimagereader/), a scan with Kaspersky and Malwarebytes found nothing suspicious. During the uninstallation (Control Panel > Programs and Features > right-click gImageReader > Uninstall), however, the uninstaller took a suspiciously long time. Among the file names flickering past, I suddenly noticed paths that had nothing to do with gImageReader. The uninstaller could not be stopped through the GUI, so I aborted the uninstall process au_.exe via CTRL+ALT+DEL. Even now the scans have detected nothing suspicious. But entire folders on my hard disk have now been deleted. Interestingly, the damage is limited to folders in the same parent folder where gImageReader was stored (perhaps just a coincidence, because I aborted manually). I could not make sense of the posts I found about au_.exe. I would like to post logs, but the scanners simply find nothing. Does anyone know what exactly au_.exe is, and how much at risk is my PC at the moment? Edited by FluffyBunny (18.01.2015 at 06:11) |
18.01.2015, 08:21 | #2 |
/// the machine /// TB instructor | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
18.01.2015, 14:52 | #3 |
| Thanks already for the quick response. I should perhaps mention that you will not find gImageReader in the log files, because it has already been removed.
FRST.txt FRST Logfile: Code:
(Bleeping Computer, LLC) C:\Users\LXA\Downloads\sc-cleaner.exe 2015-01-14 02:56 - 2015-01-14 02:57 - 00000696 _____ () C:\Users\LXA\Desktop\JRT.txt 2015-01-14 02:53 - 2015-01-14 02:53 - 01707939 _____ (Thisisu) C:\Users\LXA\Downloads\JRT.exe 2015-01-14 02:53 - 2015-01-14 02:53 - 00000000 ____D () C:\Windows\ERUNT 2015-01-14 02:50 - 2015-01-14 02:50 - 00002595 _____ () C:\Users\LXA\Desktop\AdwCleaner[S0].txt 2015-01-14 02:46 - 2015-01-17 23:55 - 00000000 ____D () C:\AdwCleaner 2015-01-14 02:46 - 2015-01-14 02:46 - 02191360 _____ () C:\Users\LXA\Downloads\adwcleaner_4.107 (3).exe 2015-01-14 02:46 - 2015-01-14 02:46 - 02191360 _____ () C:\Users\LXA\Downloads\adwcleaner_4.107 (2).exe 2015-01-14 02:46 - 2015-01-14 02:46 - 02191360 _____ () C:\Users\LXA\Downloads\AdwCleaner_4.107 (1).exe 2015-01-14 02:43 - 2015-01-14 02:43 - 00043004 _____ () C:\Users\LXA\Desktop\mbam.txt 2015-01-14 02:32 - 2015-01-18 13:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-14 02:31 - 2015-01-14 02:31 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-14 02:31 - 2015-01-14 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-14 02:31 - 2015-01-14 02:31 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-14 02:31 - 2015-01-14 02:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-14 02:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-14 02:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-14 02:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-14 02:27 - 2015-01-14 02:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\LXA\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-14 00:10 - 2015-01-14 00:10 - 00262144 _____ () 
C:\Windows\system32\config\elam 2015-01-14 00:09 - 2015-01-14 02:26 - 00002169 _____ () C:\Windows\patsearch.bin 2015-01-14 00:09 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx 2015-01-11 16:28 - 2015-01-11 16:38 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\MonoDevelop-Unity-4.0 2015-01-11 16:28 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\stetic 2015-01-11 16:28 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\LXA\AppData\Local\MonoDevelop-Unity-4.0 2015-01-06 22:37 - 2015-01-17 22:35 - 00000000 ____D () C:\Program Files (x86)\Citrix 2015-01-04 03:12 - 2015-01-11 21:42 - 00000000 ____D () C:\ProgramData\Unity 2015-01-04 03:12 - 2015-01-04 03:12 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\Apple Computer 2015-01-04 03:12 - 2015-01-04 03:12 - 00000000 ____D () C:\Users\LXA\AppData\Local\Apple Computer 2015-01-04 03:11 - 2015-01-04 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2015-01-04 03:11 - 2015-01-04 03:11 - 00000772 _____ () C:\Users\Public\Desktop\Unity.lnk 2015-01-04 03:11 - 2015-01-04 03:11 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects 2015-01-04 02:25 - 2015-01-04 02:25 - 00000000 ____D () C:\ProgramData\2DF43EC6E3D7CC0D3F4CB01C57180D34 2014-12-30 01:36 - 2014-12-30 01:36 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\DataRecommendations 2014-12-30 01:36 - 2014-12-30 01:36 - 00000000 ____D () C:\Users\LXA\AppData\Local\Microsoft_Corporation 2014-12-29 07:11 - 2014-12-29 07:11 - 00000000 ____D () C:\Users\LXA\Documents\Benutzerdefinierte Office-Vorlagen 2014-12-29 07:07 - 2014-12-29 07:07 - 00002202 _____ () C:\Users\LXA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-12-29 07:07 - 2014-12-29 07:07 - 00002129 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-12-29 07:07 - 2014-12-29 07:07 - 00002129 _____ () C:\Users\Default 
User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-12-29 07:07 - 2014-12-29 07:07 - 00000000 ___RD () C:\Users\LXA\OneDrive 2014-12-29 07:07 - 2014-12-29 07:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-12-29 07:07 - 2014-12-29 07:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive 2014-12-29 06:29 - 2014-12-29 06:29 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-12-29 06:28 - 2014-12-29 06:28 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\LibreOffice 2014-12-29 01:03 - 2014-12-29 01:03 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\OpenOffice 2014-12-27 23:04 - 2014-12-27 23:04 - 00000000 ____D () C:\Users\LXA\Documents\7 Days To Die 2014-12-27 23:01 - 2014-12-15 16:29 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 2014-12-27 22:49 - 2014-12-27 22:49 - 00000000 ____D () C:\Users\LXA\Documents\Thief 2014-12-22 08:43 - 2014-12-22 08:43 - 00000000 __SHD () C:\Users\Kosmos\AppData\Local\EmieBrowserModeList 2014-12-22 08:43 - 2014-12-22 08:43 - 00000000 ____D () C:\Users\Kosmos\AppData\Local\NVIDIA Corporation 2014-12-22 08:42 - 2014-12-22 08:42 - 00000000 ____D () C:\Users\Kosmos\AppData\Local\NVIDIA 2014-12-22 08:39 - 2014-12-22 08:39 - 00000000 __SHD () C:\Users\LXA\AppData\Local\EmieBrowserModeList 2014-12-21 11:08 - 2014-12-21 11:08 - 00000000 ____D () C:\Users\LXA\AppData\Local\Logitech 2014-12-21 10:51 - 2014-12-21 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2014-12-21 10:51 - 2014-12-21 10:51 - 00000000 ____D () C:\Program Files\Logitech 2014-12-21 10:51 - 2014-12-21 10:51 - 00000000 ____D () C:\Program Files\Common Files\Logitech 2014-12-20 04:24 - 2014-12-20 04:24 - 00003005 _____ () C:\Users\LXA\Desktop\X-55 Rhino.lnk 2014-12-20 04:24 - 2014-12-20 04:24 - 00000000 ____D () C:\Program Files\Mad Catz 2014-12-20 04:06 - 2014-12-20 04:06 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-20 03:59 - 2014-10-18 
03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-20 03:59 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-20 03:59 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-20 03:59 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-20 03:59 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-20 03:59 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-20 03:59 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-20 03:59 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-20 03:59 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-20 03:59 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-20 03:58 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-20 03:58 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-20 03:58 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-20 03:58 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-20 03:58 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-20 03:58 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-20 03:58 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-20 03:58 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-20 03:58 - 2014-11-22 03:49 - 00048640 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-20 03:58 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-20 03:58 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-20 03:58 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-20 03:58 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-20 03:58 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-20 03:58 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-20 03:58 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-20 03:58 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-20 03:58 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-20 03:58 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-20 03:58 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-20 03:58 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-20 03:58 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-20 03:58 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-20 03:58 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-20 03:58 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-20 03:58 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-20 03:58 - 2014-11-22 03:06 - 00047616 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-20 03:58 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-20 03:58 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-20 03:58 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-20 03:58 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-20 03:58 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-20 03:58 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-20 03:58 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-20 03:58 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-20 03:58 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-20 03:58 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-20 03:58 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-20 03:58 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-20 03:58 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-20 03:58 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-20 03:58 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-20 03:58 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-20 03:58 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-20 03:58 - 2014-11-22 02:33 - 00285696 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-20 03:58 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-20 03:58 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-20 03:58 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-20 03:58 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-20 03:58 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-20 03:58 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-20 03:58 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-20 03:58 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-20 03:58 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-20 03:58 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-20 03:58 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-20 03:56 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-20 03:56 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-20 03:56 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-20 03:56 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-20 03:56 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-20 03:56 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-20 03:56 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) 
C:\Windows\system32\aeinv.dll 2014-12-20 03:56 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-20 03:56 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-20 03:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-12-20 03:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-12-20 03:56 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-20 03:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-12-20 03:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-12-20 03:56 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-20 03:56 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-20 03:56 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-20 03:56 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-20 03:56 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-20 03:56 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-12-20 03:56 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-12-20 03:56 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-12-20 03:56 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-12-20 03:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-12-20 03:56 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-12-20 03:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-12-20 03:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-12-20 03:56 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-12-20 03:56 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-12-20 03:56 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-12-20 03:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-12-20 03:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-12-20 03:56 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-12-20 03:56 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-20 03:56 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-12-20 03:56 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-20 03:56 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-20 03:56 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-20 03:56 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-12-20 03:56 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-12-20 03:56 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-12-20 03:56 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-12-20 03:56 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) 
C:\Windows\system32\WSManHTTPConfig.exe 2014-12-20 03:56 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-20 03:56 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-20 03:56 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-20 03:56 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-20 03:56 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-12-20 03:56 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-12-20 03:56 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-20 03:56 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-12-20 03:56 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-12-20 03:56 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-12-20 03:56 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-12-20 03:56 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-12-20 03:56 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-12-20 03:56 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-12-20 03:56 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-12-20 03:56 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-12-20 03:56 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-12-20 03:56 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll 2014-12-20 03:56 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-12-20 03:56 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-12-20 03:56 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-12-20 03:56 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-12-20 03:56 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-12-20 03:56 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-12-20 03:56 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-12-20 03:56 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-12-20 03:56 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-12-20 03:56 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-12-20 03:56 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-12-20 03:56 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-12-20 03:56 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-12-20 03:56 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-12-20 03:56 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-12-20 03:56 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-12-20 03:56 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-12-20 03:56 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-12-20 03:56 - 
2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-12-20 03:56 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-12-20 03:55 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-12-20 03:55 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-12-20 03:54 - 2014-12-20 03:54 - 00000000 ____D () C:\Users\LXA\AppData\Local\NVIDIA Corporation 2014-12-20 03:54 - 2013-10-30 18:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-20 03:54 - 2013-10-30 18:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-12-20 03:02 - 2014-12-20 03:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK2215_01009.Wdf 2014-12-20 03:02 - 2014-12-20 03:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiG2215_01009.Wdf 2014-12-19 10:43 - 2014-12-19 10:43 - 00000000 ____D () C:\Users\LXA\AppData\Local\SmartTechnology 2014-12-19 10:41 - 2014-12-19 10:41 - 00000000 ____D () C:\Users\Public\Documents\Mad Catz 2014-12-19 10:37 - 2014-12-19 10:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiKa215_01009.Wdf 2014-12-19 10:37 - 2014-12-19 10:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiGa215_01009.Wdf 2014-12-19 10:36 - 2014-12-19 10:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Saida215_01009.Wdf 2014-12-19 10:36 - 2014-12-19 10:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Said2215_01009.Wdf 2014-12-19 10:22 - 2014-12-27 17:11 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\Post Master ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-18 13:56 - 2013-11-12 01:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-18 13:48 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-18 13:48 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-18 13:47 - 2011-04-12 08:43 - 00714410 _____ () C:\Windows\system32\perfh007.dat 2015-01-18 13:47 - 2011-04-12 08:43 - 00154268 _____ () C:\Windows\system32\perfc007.dat 2015-01-18 13:47 - 2009-07-14 06:13 - 01650272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-18 13:44 - 2012-10-22 12:30 - 01973530 _____ () C:\Windows\WindowsUpdate.log 2015-01-18 13:42 - 2013-03-17 19:29 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\Skype 2015-01-18 13:41 - 2013-03-23 00:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-18 13:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-18 13:41 - 2009-07-14 05:51 - 00234728 _____ () C:\Windows\setupact.log 2015-01-18 04:16 - 2012-12-11 12:56 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\vlc 2015-01-18 01:45 - 2013-01-23 22:55 - 00000000 ____D () C:\Users\LXA\.gimp-2.8 2015-01-18 00:26 - 2014-09-28 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-18 00:26 - 2013-03-17 19:29 - 00002677 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-01-18 00:26 - 2013-03-17 19:29 - 00000000 ____D () C:\ProgramData\Skype 2015-01-17 23:56 - 2010-11-21 04:47 - 00257904 _____ () C:\Windows\PFRO.log 2015-01-17 23:48 - 2012-12-15 13:24 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\Azureus 2015-01-17 22:35 - 2012-11-28 23:12 - 00000000 ____D () C:\Users\LXA\AppData\Local\Citrix 2015-01-17 22:17 - 2012-10-28 14:49 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\Mozilla 2015-01-17 22:02 - 2012-10-28 18:56 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\TS3Client 2015-01-16 21:26 - 
2009-07-14 05:45 - 00472800 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-15 21:01 - 2012-10-23 10:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-01-14 21:52 - 2013-12-30 18:04 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\SpaceEngineers 2015-01-14 19:06 - 2012-11-09 19:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 03:11 - 2014-06-12 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-14 03:06 - 2014-12-12 13:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-14 03:06 - 2012-10-28 14:49 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-14 02:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2015-01-14 01:28 - 2014-02-10 21:52 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\SoftGrid Client 2015-01-14 00:10 - 2012-12-10 14:33 - 00001156 _____ () C:\Users\LXA\Desktop\Mozilla Firefox.lnk 2015-01-14 00:10 - 2012-10-22 12:31 - 00001442 _____ () C:\Users\LXA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-12 01:08 - 2012-10-23 09:59 - 00122736 _____ () C:\Users\LXA\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-04 20:07 - 2013-03-17 19:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-04 15:55 - 2013-10-22 02:18 - 00000000 ____D () C:\Users\LXA\AppData\Local\Unity 2015-01-04 03:31 - 2013-10-28 21:56 - 00000000 ____D () C:\Users\LXA\AppData\Roaming\Unity 2015-01-04 02:25 - 2012-12-11 23:22 - 00000000 ____D () C:\Users\LXA\AppData\Local\gamemaker_studio 2015-01-04 02:24 - 2012-12-11 23:22 - 00000000 ____D () C:\ProgramData\gamemaker_studio 2015-01-02 05:02 - 2013-07-13 17:21 - 00000000 ____D () C:\Users\LXA\Documents\Telltale Games 2015-01-02 05:02 - 2012-10-28 20:15 - 00379169 _____ () C:\Windows\DirectX.log 2014-12-30 01:21 - 2014-05-07 20:51 - 
00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 07:07 - 2012-10-22 12:30 - 00000000 ____D () C:\Users\LXA
2014-12-29 06:56 - 2012-10-22 12:30 - 00000000 ____D () C:\Users\LXA\AppData\Local\VirtualStore
2014-12-21 16:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-21 11:18 - 2014-11-28 23:46 - 00000000 ____D () C:\Users\LXA\Documents\Euro Truck Simulator 2
2014-12-20 04:06 - 2014-10-26 19:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-20 04:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 04:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-20 04:04 - 2014-10-26 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 04:00 - 2012-10-28 20:12 - 01623552 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-20 03:55 - 2013-07-15 21:00 - 00000000 ____D () C:\Users\LXA\AppData\Local\NVIDIA
2014-12-20 03:54 - 2013-03-23 00:29 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-20 03:54 - 2012-10-22 12:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-20 03:54 - 2012-10-22 12:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======

2014-04-19 23:06 - 2014-04-21 17:53 - 0000282 _____ () C:\Users\LXA\AppData\Roaming\BreakingPoint_Login.ini
2014-04-19 23:05 - 2014-04-21 18:50 - 0001214 _____ () C:\Users\LXA\AppData\Roaming\BreakingPoint_Options.ini
2014-06-14 12:27 - 2014-06-14 17:28 - 0000099 _____ () C:\Users\LXA\AppData\Roaming\LauncherSettings_live.cfg
2014-06-14 12:02 - 2014-06-14 12:02 - 0000040 _____ () C:\Users\LXA\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-02-02 16:35 - 2013-02-02 16:35 - 0003584 _____ () C:\Users\LXA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 01:45 - 2015-01-18 01:45 - 0000842 _____ () C:\Users\LXA\AppData\Local\recently-used.xbel
2012-10-28 15:09 - 2012-11-27 18:34 - 0007621 _____ () C:\Users\LXA\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\LXA\AppData\Local\Temp\0AE08211-ADA8-43E5-3A5E-2E4AA227D9D6.exe
C:\Users\LXA\AppData\Local\Temp\27509CCB-51CE-FB21-50D5-0B962975D5C3.dll
C:\Users\LXA\AppData\Local\Temp\27509CCB-51CE-FB21-50D5-0B962975D5C3.exe
C:\Users\LXA\AppData\Local\Temp\AskSLib.dll
C:\Users\LXA\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\LXA\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\LXA\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\LXA\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\LXA\AppData\Local\Temp\freeocr_main.exe
C:\Users\LXA\AppData\Local\Temp\gotang.exe
C:\Users\LXA\AppData\Local\Temp\i4jdel0.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\LXA\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\LXA\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\LXA\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\LXA\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\LXA\AppData\Local\Temp\nvStInst.exe
C:\Users\LXA\AppData\Local\Temp\Quarantine.exe
C:\Users\LXA\AppData\Local\Temp\sdf80C8.exe
C:\Users\LXA\AppData\Local\Temp\sfamcc00001.dll
C:\Users\LXA\AppData\Local\Temp\sfextra.dll
C:\Users\LXA\AppData\Local\Temp\Social Club v1.1.0.6 Setup.exe
C:\Users\LXA\AppData\Local\Temp\sqlite3.dll
C:\Users\LXA\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\LXA\AppData\Local\Temp\ubi91D7.tmp.exe
C:\Users\Kosmos\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 20:25

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015
Ran by LXA at 2015-01-18 13:57:03
Running from D:\FirefoxDownloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
A Story About My Uncle (HKLM-x32\...\Steam App 278360) (Version: - Gone North Games)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auditorium (HKLM-x32\...\Steam App 205870) (Version: - Cipher Prime Studios)
Back to the Future: Ep 1 - It's About Time (HKLM-x32\...\Steam App 31290) (Version: - Telltale Games)
Back to the Future: Ep 2 - Get Tannen! (HKLM-x32\...\Steam App 94500) (Version: - Telltale Games)
Back to the Future: Ep 3 - Citizen Brown (HKLM-x32\...\Steam App 94510) (Version: - Telltale Games)
Back to the Future: Ep 4 - Double Visions (HKLM-x32\...\Steam App 94520) (Version: - Telltale Games)
Back to the Future: Ep 5 - OUTATIME (HKLM-x32\...\Steam App 94530) (Version: - Telltale Games)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Betrayer (HKLM-x32\...\Steam App 243120) (Version: - Blackpowder Games)
BinMake Uninstall (HKLM-x32\...\BinMake) (Version: - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
BI's Tools drive Uninstall (HKLM-x32\...\BI's Tools drive) (Version: - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Car Mechanic Simulator 2014 (HKLM-x32\...\Steam App 270850) (Version: - PlayWay S.A.)
Chaos on Deponia (HKLM-x32\...\Steam App 220740) (Version: - Daedalic Entertainment)
Circuits (HKLM-x32\...\Steam App 282760) (Version: - Digital Tentacle)
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Cole2k Media - Codec Pack (Advanced) 8.0.1 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: - Cole2k Media)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{99C28455-E285-4639-B4C6-9F747C0C3D4C}) (Version: 0.92.90 - Dotjosh Studios)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version: - Positech Games)
Democracy 3 Austria Mod (HKLM-x32\...\Democracy 3_is1) (Version: - Positech Games)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Dxtory 2.0.108 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.108 - Dxtory Software)
Element4l (HKLM-x32\...\Steam App 235820) (Version: - I-Illusions)
Elite Dangerous Launcher version 0.4.1765.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.1765.0 - Frontier Developments)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
Epson Benutzerhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Useg) (Version: - )
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farming World (HKLM-x32\...\Steam App 277500) (Version: - Excalibur)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FileZilla Client 3.8.1 (HKU\S-1-5-21-2419279098-3096199323-2602763189-1000\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Game of Thrones (HKLM-x32\...\{4B1B0CB7-B136-45D6-A63B-CF01EE964E50}_is1) (Version: 1.0.0.0 - Telltale Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Gone Home (HKLM-x32\...\Steam App 232430) (Version: - The Fullbright Company)
Goodbye Deponia (HKLM-x32\...\Steam App 241910) (Version: - Daedalic Entertainment)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - )
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
I Am Alive (HKLM-x32\...\Steam App 214250) (Version: - )
Influent (HKLM-x32\...\Steam App 274980) (Version: - Rob Howland)
InFlux (HKLM\...\UDK-11624e5d-e84e-4eeb-a119-523ec7bd678b) (Version: - Epic Games, Inc.)
InFlux (HKLM-x32\...\Steam App 246980) (Version: - Impromptu Games)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
KeePass Password Safe 2.24 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Team Bondi)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lara Croft and the Temple of Osiris (HKLM-x32\...\Steam App 289690) (Version: - Crystal Dynamics)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version: - Bitbox Ltd.)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LuaEdit 2010 (x86 - 3.0.10.0) (HKLM-x32\...\LuaEdit 2010_is1) (Version: - Open Source)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2419279098-3096199323-2602763189-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.46.0 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)
Of Guards And Thieves (HKLM-x32\...\Steam App 302590) (Version: - Subvert Games)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.104.0 - Overwolf Ltd.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PBO Manager v.1.4 beta (HKLM\...\{127B5371-1802-4EDD-A25A-A43BF761D383}) (Version: 1.4.0 - )
PCCloneEx Lite+ (HKLM-x32\...\PCCloneEx Lite+) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Post Master (HKLM-x32\...\Steam App 275080) (Version: - Excalibur)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Private Tax 2011 1.5 (HKLM-x32\...\4095-7861-2728-4611) (Version: 1.5 - Information Factory AG)
Private Tax 2012 2.7 (HKLM-x32\...\6753-7911-9438-6061) (Version: 2.7 - Information Factory AG)
Private Tax 2013 1.4.0 (HKLM-x32\...\0579-4231-5684-8562) (Version: 1.4.0 - Information Factory AG)
Probably Archery (HKLM-x32\...\Steam App 263420) (Version: - South East Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Receiver (HKLM-x32\...\Steam App 234190) (Version: - Wolfire Games)
Rescue: Everyday Heroes (HKLM-x32\...\Steam App 253130) (Version: - Fragment Production Ltd)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Shelter (HKLM-x32\...\Steam App 244710) (Version: - Might and Delight)
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Data Recovery v4.3 (HKLM-x32\...\Smart Data Recovery_is1) (Version: 4.3 - Smart PC Solutions)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam Trading Card Beta Access (HKLM-x32\...\Steam App 202352) (Version: - )
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.63.05 - )
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
TeamSpeak 3 Client (HKU\S-1-5-21-2419279098-3096199323-2602763189-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TexView 2 Uninstall (HKLM-x32\...\TexView 2) (Version: - )
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Legend of Korra™ (HKLM-x32\...\Steam App 281690) (Version: - Platinum Games)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version: - Outerlight)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\The Walking Dead: Season Two) (Version: 1.0.0.0 - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games)
Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version: - Stridemann)
Tom Clancy's Rainbow Six: Vegas 2 (HKLM-x32\...\Steam App 15120) (Version: - Ubisoft Montreal)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unity (HKLM-x32\...\Unity) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2419279098-3096199323-2602763189-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
VideoMach (HKLM-x32\...\VideoMach) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8.1.0 - Azureus Software, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
War Thunder Launcher 1.0.1.162 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version: - Noble Empire Corp.)
X-55 Rhino (HKLM\...\{0BE6604F-766C-46AF-92C8-D4DFD65FFEBE}) (Version: 7.0.33.91 - Mad Catz Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\LXA\AppData\LocalLow\Unity\WebPlayer\loader-x64\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\LXA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\LXA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\LXA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\LXA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2419279098-3096199323-2602763189-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\LXA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

11-01-2015 06:31:49 Windows Update
12-01-2015 01:04:20 OpenOffice 4.1.1 wird entfernt
12-01-2015 01:06:21 Removed LibreOffice 4.2.8.2
12-01-2015 01:06:56 Removed LibreOffice 4.2.8.2
12-01-2015 01:07:19 Removed LibreOffice 4.2.8.2
17-01-2015 22:13:03 Removed Citrix XenApp Web Plugin
17-01-2015 22:15:21 Removed Citrix XenApp Web Plugin
17-01-2015 22:17:22 Removed Citrix XenApp Web Plugin

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CB779F-BBC3-421A-8A3E-03441D73356A} - System32\Tasks\{A55E9DCB-5682-4067-917B-70C96DFF3635} => pcalua.exe -a D:\FirefoxDownloads\ARMA2_OA_Build_101480\ARMA2_OA_Build_101480.exe -d D:\FirefoxDownloads\ARMA2_OA_Build_101480
Task: {08FA2838-7065-406F-8790-826B92BA3E7A} - System32\Tasks\{AE05C2AD-E178-4E9E-B2F7-E388003F833F} => pcalua.exe -a D:\FirefoxDownloads\ARMA2_OA_Build_102678\ARMA2_OA_Build_102678.exe -d D:\FirefoxDownloads\ARMA2_OA_Build_102678
Task: {16BB68C7-870A-40CF-9620-5EA69F16EA0C} - System32\Tasks\{EBACEEC2-6F35-4975-BD40-82B077CD0B07} => pcalua.exe -a D:\FirefoxDownloads\dxwebsetup(2).exe -d D:\FirefoxDownloads
Task: {2FFD9BA3-5354-4A16-9D00-84F8D736DB31} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {34F527EA-7130-4687-B2AD-D500FCE6E27C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-15] (Microsoft Corporation)
Task: {3A38F7E6-AAD5-4079-9FDA-86C0485A9DE0} - System32\Tasks\{A3D77D74-1ACE-4253-AC53-23DEE7807E3B} => pcalua.exe -a "D:\Software\Steam\SteamApps\common\napoleon total war\Uninstall DarthMod Napoleon.exe" -d "D:\Software\Steam\SteamApps\common\napoleon total war"
Task: {3FB9E078-0EEE-41FB-B572-6296990F2996} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {4AB16F3E-4E76-4E13-9EF2-806873F76665} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {7250158F-0B45-4481-A0CF-63FFDDDF3EC9} - System32\Tasks\{4508CEC7-5DA6-47AE-9334-562EEF524B80} => pcalua.exe -a D:\FirefoxDownloads\ARMA2_OA_Build_103419\ARMA2_OA_Build_103419.exe -d D:\FirefoxDownloads\ARMA2_OA_Build_103419
Task: {7B7F2603-19F3-4962-8381-740BA4EAF624} - \{6C9A6DFD-1F34-45BF-9AC6-44BD1E2A7492} No Task File <==== ATTENTION
Task: {908B0E8E-E4E8-442E-B737-8860083AA201} - System32\Tasks\{C47B1914-2F9E-470F-8228-CCBF9B8CAEDA} => pcalua.exe -a D:\FirefoxDownloads\ARMA2_OA_Build_99343\ARMA2_OA_Build_99343.exe -d D:\FirefoxDownloads\ARMA2_OA_Build_99343
Task: {BE4D8EC2-C740-45FC-BBF1-C0F56D0CCD49} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C639ABBC-4728-493D-87C7-C9FAEEBBCA86} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-12] (Overwolf LTD)
Task: {CB516480-B85E-4E2E-B830-89A63F75D8B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-15] (Microsoft Corporation)
Task: {D02F2D50-4B61-4507-B2FA-0AE95FD718F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {D22BE8B8-2B1F-435D-81F3-D82ABC7C9430} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {D637FF75-2368-4764-804A-7DE0F1EFC5F0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2013-03-23 00:29 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-15 20:57 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-27 20:41 - 2014-01-02 19:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-12-27 20:41 - 2014-11-28 21:50 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-23 03:53 - 2014-01-23 03:53 - 00248736 _____ () D:\Software\Synology\Assistant\UsbClientService.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () D:\Software\FileZilla FTP Client\fzshellext_64.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2014-04-11 14:50 - 2014-04-11 14:50 - 12533760 _____ () C:\Program Files\Mad Catz\X-55 Rhino\Pr0fileEditor_Forms.dll
2014-04-11 14:50 - 2014-04-11 14:50 - 00299008 _____ () C:\Program Files\Mad Catz\X-55 Rhino\de\Pr0fileEditor_Forms.resources.dll
2013-06-15 16:45 - 2012-12-11 12:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-12-29 18:12 - 2014-12-29 18:12 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.82.103.0\CoreAudioApi.dll
2014-12-29 18:12 - 2014-12-29 18:12 - 38713856 _____ () C:\Program Files (x86)\Overwolf\0.82.103.0\libcef.DLL
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-12-12 13:52 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-20 00:42 - 2014-10-12 23:24 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 00:42 - 2014-04-20 00:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-29 18:12 - 2014-12-29 18:12 - 00514528 _____ () C:\Program Files (x86)\Overwolf\0.82.103.0\libglesv2.dll
2014-12-29 18:12 - 2014-12-29 18:12 - 00105952 _____ () C:\Program Files (x86)\Overwolf\0.82.103.0\libegl.dll
2014-04-20 00:42 - 2014-04-20 00:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Steam Client Service => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-2419279098-3096199323-2602763189-500 - Administrator - Disabled)
LXA (S-1-5-21-2419279098-3096199323-2602763189-1000 - Administrator - Enabled) => C:\Users\LXA
Gast (S-1-5-21-2419279098-3096199323-2602763189-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2419279098-3096199323-2602763189-1003 - Limited - Enabled)
Kosmos (S-1-5-21-2419279098-3096199323-2602763189-1004 - Limited - Enabled) => C:\Users\Kosmos

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WD SES Device USB Device Description: WD SES Device USB Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/18/2015 01:45:29 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed Error: (01/18/2015 01:44:14 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Too many failures while downloading ranges: 2 Error: (01/18/2015 01:43:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 02:18:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x7dc Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/18/2015 02:18:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0xb74 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: 
plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/18/2015 02:18:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1de4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/18/2015 02:18:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1244 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/18/2015 02:18:07 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 35.0.0.5486 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15f4 Startzeit: 01d032a97f5d1ffa Endzeit: 110 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: d90228cd-9eaf-11e4-a80b-902b343597aa Error: (01/18/2015 01:41:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fd8 Startzeit: 01d032b78261faf6 Endzeit: 1 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: c8a58052-9eaa-11e4-a80b-902b343597aa Error: (01/18/2015 00:00:38 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed System errors: ============= Error: (01/16/2015 09:36:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/16/2015 09:36:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (01/15/2015 09:11:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/15/2015 09:11:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Microsoft Office Sessions: ========================= Error: (01/18/2015 01:45:29 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (01/18/2015 01:44:14 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Too many failures while downloading ranges: 2 Error: (01/18/2015 01:43:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 02:18:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014257dc01d032a980dee5f7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldfb74396-9eaf-11e4-a80b-902b343597aa Error: (01/18/2015 02:18:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425b7401d032a980c97995C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldda0b798-9eaf-11e4-a80b-902b343597aa Error: (01/18/2015 02:18:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251de401d032a983f06c12C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldd63ae93-9eaf-11e4-a80b-902b343597aa Error: (01/18/2015 02:18:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425124401d032a980b1abd2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldb4c1902-9eaf-11e4-a80b-902b343597aa Error: (01/18/2015 02:18:07 AM) 
(Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe35.0.0.548615f401d032a97f5d1ffa110C:\Program Files (x86)\Mozilla Firefox\firefox.exed90228cd-9eaf-11e4-a80b-902b343597aa Error: (01/18/2015 01:41:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: NOTEPAD.EXE6.1.7600.163851fd801d032b78261faf61C:\Windows\system32\NOTEPAD.EXEc8a58052-9eaa-11e4-a80b-902b343597aa Error: (01/18/2015 00:00:38 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Stream product id=0x0066): Streaming Failed CodeIntegrity Errors: =================================== Date: 2014-12-21 09:10:01.275 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-21 09:10:01.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-20 01:31:30.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-20 01:31:30.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-20 01:31:30.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-12-20 01:31:30.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-20 01:31:30.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-20 01:31:30.434 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-19 09:19:52.302 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-19 09:19:52.302 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Percentage of memory in use: 20% Total physical RAM: 16384 MB Available physical RAM: 13000.05 MB Total Pagefile: 32766.18 MB Available Pagefile: 28595.8 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Win 7) (Fixed) (Total:119.14 GB) (Free:15.61 GB) NTFS Drive d: (Data) (Fixed) (Total:2794.39 GB) (Free:371.1 GB) NTFS Drive e: (HD-CEU2) (Fixed) (Total:931.51 GB) (Free:32.81 GB) NTFS Drive j: (My Passport) (Fixed) (Total:931.48 GB) (Free:203.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 9DF7D54D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: DBB504B1) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.01.2015, 16:43 | #4 |
/// the machine /// TB trainer | Uninstall of au_.exe deletes all files on the HD I don't see anything wild in the logs right now. The deleted data is gone, of course. Looks like the uninstaller has a flaw and simply deletes more than intended.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.01.2015, 22:35 | #5 |
| Uninstall of au_.exe deletes all files on the HD Fortunately, no personal data was lost (backup), and everything else can be reinstalled. However, 2 days ago I had problems with the BlockAndSurf malware, which fortunately was detected immediately by Kaspersky but could only be removed with the help from here (http://www.trojaner-board.de/151318-...entfernen.html). I thought au_.exe might somehow be related to that. I had actually already mentally prepared myself to set the PC up from scratch instead of repairing the damage. Would that make sense, or am I just hyperventilating? As such, the PC still runs without problems and is still almost as fast as when it was delivered from the factory. Thanks for your assessment; it is just hard for me to judge what is appropriate. |
19.01.2015, 11:35 | #6 |
/// the machine /// TB trainer | Uninstall of au_.exe deletes all files on the HD You don't need to set it up from scratch. I really don't see anything in the logs right now.
|