Log analysis and evaluation: Evaluating an OTL log for adware remnants (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.03.2015, 16:24 | #1

Evaluating an OTL log for adware remnants

Hi, I'm new here and already have a question about a program called OTL. I wanted to run a scan with it because I installed an adware program yesterday evening. Since I'm not sure how to evaluate this log, I wanted to ask whether you could help me with it. Here is the log.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 16.03.2015 16:10:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17690) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,16% Memory free 8,09 Gb Paging File | 6,61 Gb Available in Paging File | 81,65% Paging File free Paging file location(s): c:\pagefile.sys 200 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 16,43 Gb Free Space | 14,70% Space Free | Partition Type: NTFS Drive D: | 465,66 Gb Total Space | 450,55 Gb Free Space | 96,75% Space Free | Partition Type: NTFS Computer Name: NECRO | User Name: MC-Necro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.) PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) 
PRC - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll () ========== Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe () SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll 
(Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) 
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (Origin Client Service) -- C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts) SRV - (Disc Soft Lite Bus Service) -- C:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe (Disc Soft Ltd) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation) SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation) SRV - (Service KMSELDI) -- C:\Programme\KMSpico\Service_KMS.exe (@ByELDI) SRV - (BstHdUpdaterSvc) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.) SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) 
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (Start8) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.) SRV - (Launch TotalMedia Theatre 6 Driver) -- C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe (ArcSoft, Inc.) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation) DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWB6.sys (Advanced Micro Devices) DRV:64bit: - (Hamachi) -- 
C:\Windows\SysNative\drivers\Hamdrv.sys (LogMeIn Inc.) DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation) DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft 
Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET) DRV:64bit: - (edevmon) -- C:\Windows\SysNative\drivers\edevmon.sys (ESET) DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation) 
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ArcCtrl) -- C:\Windows\SysNative\drivers\ArcCtrl.sys () DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation) DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- 
C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation) DRV:64bit: - (t_mouse.sys) -- C:\Windows\SysNative\drivers\t_mouse.sys () DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group) DRV:64bit: - (RecFltr) -- C:\Windows\SysNative\drivers\RecFltr.sys () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (HWiNFO32) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (REALiX(tm)) DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems) DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE 
- HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes\{2B525A53-40D1-437E-AF4F-FE66323C7910}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google 
Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2015.03.08 18:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E887280-384E-4E94-85D5-23EDDD707C66}: DhcpNameServer = 83.169.185.161 83.169.185.225 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\bf4.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\bf4_x86.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\bfh.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\crysis3.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\origin.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\originer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\tm server.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\ulaunchtmt6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\utotalmediatheatre6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\bf4.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\bf4_x86.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\bfh.exe: Debugger - C:\Program 
Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\crysis3.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\origin.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\originer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\tm server.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\ulaunchtmt6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\utotalmediatheatre6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.03.15 21:44:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{789ce035-c4aa-11e4-82cc-74d435bb1459}\Shell - "" = AutoRun
O33 - MountPoints2\{789ce035-c4aa-11e4-82cc-74d435bb1459}\Shell\AutoRun\command - "" = "G:\Setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015.03.16 15:56:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.03.16 15:16:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.16 15:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.03.16 15:16:25 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.16 15:16:25 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.16 15:16:25 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.16 15:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015.03.16 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.03.15 23:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2015.03.15 23:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2015.03.15 23:10:40 | 000,041,784 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015.03.15 23:10:40 | 000,030,520 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015.03.15 23:10:40 | 000,025,912 | ---- | C] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015.03.15 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015.03.15 22:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2015.03.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2015.03.15 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.15 20:47:42 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
[2015.03.15 20:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\atjs
[2015.03.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
[2015.03.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
[2015.03.15 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
[2015.03.12 19:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.03.12 19:35:25 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.03.12 19:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015.03.11 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
[2015.03.11 12:54:46 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2015.03.11 12:54:45 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2015.03.11 12:54:42 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2015.03.11 12:54:42 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2015.03.11 12:54:42 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2015.03.11 12:54:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winshfhc.dll
[2015.03.11 12:54:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winshfhc.dll
[2015.03.11 12:54:14 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2015.03.11 12:54:14 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2015.03.11 12:54:10 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2015.03.11 12:54:10 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2015.03.11 12:54:10 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.03.11 12:54:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2015.03.11 12:54:10 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.03.11 12:54:10 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2015.03.11 12:54:10 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.03.11 12:54:10 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.03.11 12:54:09 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015.03.11 12:54:09 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015.03.11 12:54:09 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2015.03.11 12:54:09 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2015.03.11 12:54:08 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2015.03.11 12:54:08 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2015.03.11 12:54:08 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2015.03.11 12:54:08 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2015.03.11 12:54:08 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2015.03.11 12:54:08 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2015.03.11 12:54:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atlthunk.dll
[2015.03.11 12:54:07 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015.03.11 12:54:07 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015.03.11 12:54:07 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2015.03.11 12:54:07 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2015.03.11 12:54:07 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.03.11 12:54:07 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.03.11 12:54:07 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StorageContextHandler.dll
[2015.03.11 12:54:07 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StorageContextHandler.dll
[2015.03.11 12:54:06 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.03.11 12:54:06 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015.03.11 12:54:01 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015.03.11 12:54:01 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2015.03.11 12:54:01 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2015.03.11 12:54:01 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2015.03.11 12:54:01 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2015.03.11 12:54:01 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2015.03.11 12:54:01 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2015.03.11 12:54:01 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015.03.11 12:54:01 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015.03.11 12:54:01 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2015.03.11 12:54:01 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2015.03.11 12:53:50 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.03.11 12:53:49 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015.03.11 12:53:49 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.03.11 12:53:49 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.03.11 12:53:49 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.03.11 12:53:49 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.03.11 12:53:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.03.11 12:53:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.03.11 12:53:49 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.03.11 12:53:49 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.03.11 12:53:49 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.03.11 12:53:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.03.11 12:53:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015.03.11 12:53:49 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015.03.11 12:53:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.03.11 12:53:49 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.03.11 12:53:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.03.11 12:53:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.03.11 12:53:47 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2015.03.11 12:53:47 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2015.03.11 12:53:47 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015.03.11 12:53:47 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll
[2015.03.11 12:53:47 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MrmCoreR.dll
[2015.03.11 12:53:47 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015.03.11 12:53:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015.03.11 12:53:47 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockScreenContentServer.exe
[2015.03.11 12:53:43 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015.03.09 16:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2015.03.09 16:25:47 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Audacity
[2015.03.09 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2015.03.09 13:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
[2015.03.09 13:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medieval Software
[2015.03.08 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
[2015.03.07 11:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015.03.07 11:50:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\Documents\My Games
[2015.03.07 11:47:54 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
[2015.03.07 11:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BioShock Infinite
[2015.03.07 10:39:03 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\vlc
[2015.03.07 10:32:09 | 000,030,352 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2015.03.07 10:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2015.03.07 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2015.03.07 10:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
[2015.02.28 17:23:32 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Stardock_Corporation
[2015.02.28 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Stardock
[2015.02.28 16:45:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2015.02.28 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2015.02.28 16:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2015.02.28 16:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2015.02.28 15:49:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
[2015.02.28 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Clipboarder
[2015.02.28 13:10:05 | 000,080,488 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysNative\MMCEDT6.exe
[2015.02.28 13:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
[2015.02.28 13:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2015.02.27 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
[2015.02.27 19:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2015.02.27 19:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2015.02.27 18:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2015.02.27 18:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2015.02.21 20:44:24 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2015.02.21 20:44:24 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2015.02.21 20:44:24 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2015.02.21 20:44:24 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2015.02.21 20:44:24 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2015.02.21 20:44:24 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2015.02.21 20:44:24 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2015.02.21 20:44:24 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2015.02.21 20:44:24 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2015.02.21 20:44:24 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCT232.OCX
[2015.02.21 20:44:24 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2015.02.21 20:44:24 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.OCX
[2015.02.21 20:44:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2015.02.21 20:44:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2015.02.21 20:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2015.02.21 20:44:23 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2015.02.21 20:44:23 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2015.02.21 20:44:23 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2015.02.21 20:44:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2015.02.21 20:44:23 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2015.02.21 20:44:23 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2015.02.21 20:44:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2015.02.21 20:44:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2015.02.21 20:44:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2015.02.21 20:44:23 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
[2015.02.21 20:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2015.02.21 10:38:07 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Rename Expert
[2015.02.21 10:37:40 | 006,441,984 | ---- | C] (Debenu Pty Ltd) -- C:\Windows\SysWow64\DebenuPDFLibraryLite1011.dll
[2015.02.21 10:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert
[2015.02.21 10:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rename Expert
[2015.02.14 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.03.16 16:06:09 | 001,780,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.03.16 16:06:09 | 000,765,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.03.16 16:06:09 | 000,723,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.03.16 16:06:09 | 000,159,696 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.03.16 16:06:09 | 000,135,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.03.16 16:02:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.16 16:00:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.16 16:00:08 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015.03.16 15:18:38 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.16 15:16:27 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.03.15 21:44:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015.03.15 20:53:42 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015.03.15 20:45:48 | 000,000,080 | ---- | M] () -- C:\Users\MC-Necro\AppData\Local\recently-fix.db
[2015.03.15 16:51:53 | 000,226,680 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015.03.15 16:51:47 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2015.03.13 12:57:27 | 000,338,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.12 19:35:04 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.03.09 22:30:14 | 000,005,487 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\XRNF
[2015.03.09 22:30:14 | 000,005,487 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\DNDQ
[2015.03.09 15:19:05 | 000,271,256 | ---- | M] () -- C:\Users\MC-Necro\Desktop\Hübsch.jpg
[2015.03.07 11:47:54 | 000,001,508 | ---- | M] () -- C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
[2015.03.07 10:32:09 | 000,030,352 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2015.03.04 22:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.03.04 22:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.02.28 15:55:53 | 000,000,119 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2015.02.28 14:17:34 | 000,000,460 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.02.28 13:10:05 | 000,002,426 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2015.02.27 19:03:20 | 000,007,597 | ---- | M] () -- C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
[2015.02.25 09:25:02 | 000,041,784 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015.02.25 09:24:52 | 000,030,520 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015.02.25 09:24:52 | 000,025,912 | ---- | M] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015.02.21 01:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015.02.21 00:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.02.21 00:32:48 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.02.20 04:03:49 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.02.20 03:58:26 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.02.20 03:49:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.02.20 03:47:56 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.02.20 03:35:01 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.02.20 03:34:24 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.02.20 03:32:34 | 006,035,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.02.20 03:20:15 | 000,301,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.02.20 03:15:32 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.02.20 03:07:24 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015.02.20 03:06:44 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.02.20 03:05:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.02.20 02:56:47 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.02.20 02:49:28 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.02.20 02:46:45 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.02.20 02:29:00 | 002,865,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015.02.20 02:24:21 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.02.20 02:03:34 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.02.20 01:55:38 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.03.16 15:16:27 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.03.15 23:10:39 | 000,002,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
[2015.03.15 21:44:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015.03.15 20:53:42 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015.03.15 20:45:48 | 000,000,080 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\recently-fix.db
[2015.03.11 12:54:15 | 000,396,419 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015.03.09 22:30:14 | 000,005,487 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\XRNF
[2015.03.09 22:30:14 | 000,005,487 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\DNDQ
[2015.03.09 16:25:45 | 000,001,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2015.03.09 15:19:05 | 000,271,256 | ---- | C] () -- C:\Users\MC-Necro\Desktop\Hübsch.jpg
[2015.03.08 12:00:38 | 000,338,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.07 11:47:54 | 000,001,508 | ---- | C] () -- C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
[2015.02.28 15:55:53 | 000,000,119 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2015.02.28 14:17:34 | 000,000,460 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.02.28 13:10:30 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2015.02.28 13:10:06 | 000,002,158 | ---- | C] () -- C:\Windows\SysNative\drivers\win81Logo.inf
[2015.02.28 13:10:05 | 003,315,392 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcCtrl.sys
[2015.02.28 13:10:05 | 000,009,883 | ---- | C] () -- C:\Windows\SysNative\drivers\win81_64logo.cat
[2015.02.28 13:10:05 | 000,002,426 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2015.02.21 20:44:24 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2015.02.21 20:44:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2015.02.13 16:40:42 | 000,000,290 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part
[2015.02.13 16:40:41 | 000,118,724 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS
[2015.02.13 16:40:34 | 000,000,234 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part
[2015.02.13 16:40:33 | 000,197,360 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS
[2015.01.25 17:12:14 | 000,001,248 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\CZWL
[2015.01.10 11:14:41 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015.01.10 11:14:38 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015.01.09 20:34:58 | 000,226,680 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015.01.09 20:34:57 | 000,076,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015.01.09 18:17:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2015.01.09 18:07:25 | 001,804,472 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015.01.09 18:06:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015.01.09 18:00:29 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2015.01.09 18:00:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2015.01.09 17:55:41 | 000,004,608 | ---- | C] () -- C:\Windows\SECOH-QAD.exe
[2015.01.09 17:55:41 | 000,003,584 | ---- | C] () -- C:\Windows\SECOH-QAD.dll
[2015.01.09 12:48:16 | 000,007,597 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
[2014.11.21 03:25:30 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2014.11.20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014.10.03 17:36:30 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014.10.03 17:36:28 | 016,810,624 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014.07.21 22:04:58 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014.07.21 22:04:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014.07.21 22:04:46 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014.07.21 22:04:04 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014.07.21 22:04:04 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014.03.18 11:13:02 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2015.01.09 18:30:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.12 18:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.12 18:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.10.29 02:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014.10.29 01:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.10.29 02:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.03.15 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
[2015.01.09 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Abelssoft
[2015.01.10 10:45:56 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\AMD
[2015.02.28 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
[2015.03.14 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Audacity
[2015.01.09 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\AVG
[2015.03.07 11:22:15 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite
[2015.03.14 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
[2015.01.09 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\ESET
[2015.02.21 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
[2015.02.04 16:11:53 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\ImgBurn
[2015.01.09 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\IObit
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
[2015.01.08 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Origin
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
[2015.02.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Rename Expert
[2015.01.09 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Samsung
[2015.02.27 19:39:41 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\XMedia Recode

========== Purity Check ==========

< End of report >

Extras

OTL Logfile: Code:
OTL Extras logfile created on: 16.03.2015 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,16% Memory free
8,09 Gb Paging File | 6,61 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 200 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 16,43 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 450,55 Gb Free Space | 96,75% Space Free | Partition Type: NTFS

Computer Name: NECRO | User Name: MC-Necro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0277605E-AED8-46AA-85A3-70C79C5676B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{161E68B2-2457-45F8-A8A1-345AF9067847}" = rport=27000 | protocol=6 | dir=out | name=theforestunlockport | "{28CEC358-F766-43AA-B626-A3670029F13C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C57BF24-1173-4033-8CB7-AFB24A8EFAAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3FDD967D-2C8F-47D1-B37F-C58B26A0D071}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{6659D1ED-AA31-4471-9ADE-00E6089F43CB}" = lport=10243 | protocol=6 | dir=in | app=system | "{6D3F5BA9-981A-4DFF-BF7A-8CE810EC3B79}" = lport=1688 | protocol=6 | dir=in | name=kms emulator port | "{7710C7D8-76FA-4715-9216-3CD2466F28E2}" = lport=27015 | protocol=6 | dir=in | name=garrysmodunlockedport | "{7ACCF0A4-EB9E-4478-9D7B-E3E12958C75C}" = rport=10243 | protocol=6 | dir=out | app=system | "{7EA61F90-7620-440C-8E06-04F64171A4EB}" = rport=27015 | protocol=6 | dir=out | name=garrysmodunlockedport | "{86DB5451-14AA-47F3-AA5F-65E321C9C56D}" = lport=2869 | protocol=6 | dir=in | app=system | "{878074FC-6C68-42ED-839D-27AAF264E82C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C16F00C7-7DE3-403F-A94E-F689A64567BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F38B6BE5-5A00-49EE-AD11-EDD3C30D8B4E}" = lport=27000 | protocol=6 | dir=in | 
name=theforestunlockport | "{FDDCCC72-0F38-4D57-B59A-243E5C4F76D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{088B47AB-5503-497C-922D-7A5900E5E3D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1024AA11-C11A-4AF2-93FE-C2A06D5E4939}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{111CA0A9-31A0-4DBB-BBFA-55BEBC6C49A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1290B03A-08F8-4BEC-B78E-74871B23FAF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{12B01FB9-7833-4A3D-BCEF-E9DA2440602C}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{136EBEB1-1452-4A08-B4BF-7DB97E579980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1ACC5C54-53D4-42AB-BE3A-EFE9B7D2D241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1B7B4B6A-6B15-43BD-A787-AC2213573BA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1C06427B-3322-42B8-920F-FC5591F658D4}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{22BD07E5-86C9-45F5-ADC3-0A0FFB5F71D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{252C53DA-F233-46D3-B947-012EBC8AF49D}" = dir=out | name=windows_ie_ac_001 | "{294E46EC-C695-45D3-9214-D6BC71B2A612}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{2F4B92DF-D3C3-4B69-A308-5A8EF322F1B8}" = dir=in | 
name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{361F6240-A103-4813-A178-47BEA4B5647F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{36895411-55D3-4766-89E3-256AAEF61942}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{381C11D7-F975-4CE2-9785-3F3C2A8C6D25}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | "{38E74A3E-B785-458A-8BD8-4F5267EB38BA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | "{3C2D4BF0-86D6-434D-B250-B8D0D3CE7744}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | "{3C83B618-E566-4EAA-8002-97828F793DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | "{3D80B395-4A61-4E3F-894F-C5BE17297F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{409B5FB6-D455-4F3C-AC9C-88DB330462E7}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{41E40A22-0D84-4DD5-9878-BBA934F249BD}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{53FF68D6-C598-46F8-86B1-8CF03E55C7E4}" = protocol=6 | dir=out | app=system | "{5438D2DB-CCEF-4D21-B235-C0CAD63C4567}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{54E90E93-5503-4826-A69D-472BA44026BA}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{55E1B5A1-7E51-44DF-A578-8698E813E138}" = dir=in | 
name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{58D90B63-0115-4C3D-AC14-6C2D14619E14}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A26885D-E389-414C-8138-AFE98FB85617}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{5A851E45-49C2-4444-8D1A-3D54CA17C89C}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{63DA6731-D415-4DBD-9805-F653B5E818CE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{65B4F8AC-4945-4C82-A622-EDBA406AD40B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | "{67BA14E5-123E-4400-9BE2-05902F81DD15}" = dir=in | name=onenote | "{74F9C710-3A3E-43D4-AF80-009BD1B3118F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{754A93B5-2DAE-4CDF-B0C4-04E8CC0EEAC3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{758EA4A8-F53F-48F5-870C-A0E9D08C8DD9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | "{7C841C5F-F8E9-45C7-8851-D58D28C25750}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{7EBCE277-2E46-4940-81B2-60F28D3563A0}" = dir=out | name=onenote | "{82E40E86-443A-4A02-B3C5-75B8362760EF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | "{8BC8C3C6-0FD6-4A1A-B091-21325E2C12C3}" = dir=out | 
name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{95CAA85C-DD55-4C22-9573-65105B8A155B}" = protocol=17 | dir=in | app=c:\program files\kmspico\service_kms.exe | "{96AF78DF-816E-4E36-AFD8-92BD4E489019}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9D203CB9-54FF-459D-9A41-F886862029C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9D624963-25E0-41AF-AE03-D8C8A8AE1083}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{A5DF2E30-EB6D-45AF-806C-838E716845CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AA4CAF7E-47F7-424D-949B-138E43807DD4}" = protocol=6 | dir=in | app=c:\program files\kmspico\service_kms.exe | "{ABE2A200-6C43-4A5B-A487-9CE316CF684D}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{B437196D-1EEC-4AE8-92A9-9D2140B6D12B}" = dir=out | name=skype | "{BCA5388C-EBAC-4B83-A7F1-90955214035D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C4A194E8-80D1-407C-9028-565DD823AEEC}" = dir=out | name=windows_ie_ac_001 | "{CA42EF05-B6CB-4993-BF94-F4304AA822D5}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{CC646C2A-A530-43F3-B19D-DBE90C682560}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{D5ECB9A6-CAD5-4C81-A4A9-F3B51BE39998}" = protocol=58 | dir=in | app=system | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D6B57275-7717-4321-BE9C-6B3F074D6F3D}" = dir=out | 
name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{D76EB107-C16A-4E68-BC7A-F1382F08FE0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D85CA9A3-62D9-45B3-B368-370AC1D89A2C}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DDCA365C-1321-4E14-B6CA-A4BA0E883506}" = dir=in | name=skype | "{DF3973E2-CFB5-4A1A-8398-B685BA9E6196}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E403890D-1355-4394-9120-61BC860C410E}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{EF6BD61D-A00A-4575-B6FE-1F400F1988CF}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F78A42BF-FD4A-472B-957A-CFB62721C4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | "{F833EF53-2F1F-4ED6-8991-A4586097FEC7}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.229_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{FC5C4028-1630-47B8-93BA-77F8436A9F46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{99EFA947-C485-43D3-922C-C8A6B8499A77}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{87B80F33-F8FD-419B-A925-EED3D08469F2}C:\program files 
(x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components "{1D1CB210-D05E-5BF4-F998-2B1903EE4323}" = AMD Accelerated Video Transcoding "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit) "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{3DE97849-544D-4D68-9255-11DF6F9F10D8}" = Intel® Trusted Connect Service Client "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology "{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2 "{75F06437-40F4-4A65-BC65-FC194D6B7EBA}" = ESET Smart Security "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1" = KMSpico "{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}" = Intel(R) Chipset Device Software "{B9C27F57-AB84-425F-9D00-E18C5D65C18D}" = Intel(R) Rapid Storage Technology "{D4FC649C-0247-4873-930D-D9E6904DCAF5}" = Intel(R) Management Engine Components "{E1CBE9A2-1323-488E-9F3B-736DF6399F38}" = Intel(R) Management Engine Components "{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel "{F2A7CE36-57BF-5C86-952D-90DBF3746D82}" = AMD Catalyst Install Manager "DAEMON Tools Lite" = DAEMON Tools Lite "jdownloader2" = JDownloader 2 "Start8_is1" = Stardock Start8 "Unlocker" = Unlocker 1.9.2 "VLC media player" = VLC media player "WinRAR archiver" = WinRAR 5.20 
(64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish "{089F13E8-FE1E-9E10-8394-59EB3144C5EA}" = Catalyst Control Center Graphics Previews Common "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional "{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding "{16D24066-E53C-9C3E-21BB-8E16BF0BF1B2}" = CCC Help Dutch "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{24784631-F22D-9570-2C7D-C893CFA0815E}" = CCC Help Swedish "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0 "{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding "{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40 "{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian "{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician "{2B656071-B4F5-5EED-1CEA-8357D5D89756}" = CCC Help Thai "{2F82B501-6358-476E-A9AC-A6DABD2E52F9}" = BioShock Infinite "{316F6900-121C-EAE3-06B5-6D033DAD6B46}" = CCC Help Hungarian "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{3D312F2B-705E-4367-0E43-637742582226}" = CCC Help Chinese Traditional "{40AF58D5-D86D-8D3C-5D39-882C8ABB6249}" = CCC Help Japanese "{47B9191A-C6F9-463F-7651-8C915A56CCA7}" = CCC Help Norwegian "{491B10A8-E797-6E1A-E8F0-CC5ED4A697BF}" = CCC Help Czech "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F34C608-AC66-DBD9-02B3-07F2A3714AB0}" = CCC Help Danish "{5232358C-7C23-4319-8271-E43F924196AC}" = ArcSoft TotalMedia Theatre 6 "{523885CC-D186-A675-CE46-C02D13CD285A}" = CCC Help German "{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian "{5993537E-0B1C-2656-DE59-3B52AACCA4C8}" = CCC Help French 
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish "{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese "{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center "{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian "{6BC24106-5BED-9E52-E484-1CD9CB444DD0}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7410FDD9-8CFF-04DB-E8DC-66BA97935C0C}" = CCC Help Polish "{78BE8723-7889-33EB-46C5-E068E4A9A754}" = CCC Help Russian "{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French "{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy "{85FC260B-5951-4278-95BF-E8F40802E49E}" = AVG PC TuneUp 2015 (de-DE) "{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3 "{8DCCC556-265B-478A-8B32-C12DA988BA74}" = BlueStacks Notification Center "{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC1BBD7-B625-7B3F-DC5B-519A17E5A509}" = CCC Help Greek "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A996C182-3724-4DF1-A4BC-66154FE57DFE}" = AVG PC TuneUp 2015 "{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™ "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch "{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek "{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BE862892-0337-B30D-A2A3-9296BA9E2B4D}" = Catalyst Control Center Localization All "{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard "{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1" = Rename Expert 5.6.0 "{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai "{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German "{D0E4CC40-2731-4737-F184-E422D113EE1D}" = CCC Help Italian "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.2.1.7 "{E1E6EEEA-F7CF-1AD4-F404-7EFA1E5E8365}" = CCC Help Portuguese "{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = Intel® Chipsatz-Gerätesoftware "{E70BF0B0-1AD5-E7B7-6448-B66F20E76701}" = CCC Help Korean "{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean "{EBE23E56-BA76-02E9-1C6A-8D9043C7E887}" = CCC Help Finnish "{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish "{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech "{EE6909C4-C751-7C0D-B295-90CD93E68817}" = CCC Help Turkish "{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4F3CB7B-2F62-F6EF-07EA-81143A463B31}" = CCC Help Chinese Standard "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{F825EA58-D723-06A1-4F5F-620934DA66AB}" = CCC Help Spanish "{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese "{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Shockwave Player" = Adobe Shockwave Player 12.1 "AIDA64 Extreme_is1" = AIDA64 Extreme v5.00 "Audacity_is1" = Audacity 2.0.6 "AVG PC TuneUp" = AVG PC TuneUp 2015 "Battlelog Web Plugins" = Battlelog Web 
Plugins "BlueStacks App Player" = BlueStacks App Player "CHIP Updater_is1" = CHIP Updater "Driver Booster_is1" = Driver Booster 2.1 "ESN Sonar-0.70.4" = ESN Sonar "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "Google Chrome" = Google Chrome "ImgBurn" = ImgBurn "InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}" = ArcSoft TotalMedia Theatre 6 "InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3 "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028 "Origin" = Origin "RTSS" = RivaTuner Statistics Server 6.3.0 "VTUploader" = VirusTotal Uploader 2.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.03.2015 18:06:38 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error - 15.03.2015 18:07:15 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error - 15.03.2015 18:10:02 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error - 15.03.2015 18:15:45 | Computer Name = Necro | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x20c Startzeit der fehlerhaften Anwendung: 0x01d05f6d927984c2 Pfad der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igfxCUIService.exe Berichtskennung: d2c183c4-cb60-11e4-82de-74d435bb1459 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.03.2015 10:11:51 | Computer Name = Necro | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x210 Startzeit der fehlerhaften Anwendung: 0x01d05ff322b00179 Pfad der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igfxCUIService.exe Berichtskennung: 63be54ae-cbe6-11e4-82df-74d435bb1459 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.03.2015 10:22:00 | Computer Name = Necro | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x214 Startzeit der fehlerhaften Anwendung: 0x01d05ff48c4c921c Pfad der fehlerhaften Anwendung: 
C:\Windows\system32\igfxCUIService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igfxCUIService.exe Berichtskennung: cee82fd0-cbe7-11e4-82e0-74d435bb1459 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.03.2015 10:24:35 | Computer Name = Necro | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x1c4 Startzeit der fehlerhaften Anwendung: 0x01d05ff4e8b83ee7 Pfad der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igfxCUIService.exe Berichtskennung: 2b0f9217-cbe8-11e4-82e1-74d435bb1459 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.03.2015 10:47:52 | Computer Name = Necro | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x214 Startzeit der fehlerhaften Anwendung: 0x01d05ff829f9c65c Pfad der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igfxCUIService.exe Berichtskennung: 6b95f0e4-cbeb-11e4-82e3-74d435bb1459 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.03.2015 11:00:12 | Computer Name = Necro | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. 
Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 16.03.2015 11:00:14 | Computer Name = Necro | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x214 Startzeit der fehlerhaften Anwendung: 0x01d05ff9e5732db8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igfxCUIService.exe Berichtskennung: 25e87a21-cbed-11e4-82e4-74d435bb1459 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.03.2015 11:00:12 | Computer Name = Necro | Source = Service Control Manager | ID = 7023 Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error - 16.03.2015 11:00:13 | Computer Name = Necro | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit folgendem Fehler beendet: %%2147500037 < End of report > |
16.03.2015, 16:25 | #2 |
/// TB-Ausbilder | Evaluating OTL log for adware remnants

My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Thanks for your cooperation! What kind of adware did you install? OTL is outdated, we use FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
16.03.2015, 16:45 | #3 |
| Evaluating OTL log for adware remnants
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by MC-Necro (administrator) on NECRO on 16-03-2015 16:32:59 Running from C:\Users\MC-Necro\Desktop Loaded Profiles: MC-Necro (Available profiles: MC-Necro) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-01-09] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd) HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\MountPoints2: {789ce035-c4aa-11e4-82cc-74d435bb1459} - "G:\Setup.exe" IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\bf4.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\bf4_x86.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\bfh.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\crysis3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] 
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\tm server.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\ulaunchtmt6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\utotalmediatheatre6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
Chrome: ======= CHR HomePage: Profile 2 -> hxxp://www.google.de/ CHR StartupUrls: Profile 2 -> "hxxp://www.youtube.com/?gl=DE&hl=de" CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15] CHR Extension: (Google Docs) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15] CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15] CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15] CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15] CHR Extension: (Google Sheets) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15] CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15] CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15] CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Magic Actions for YouTube™) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-15] CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 
2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15] CHR Extension: (MEGA) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-15] CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15] CHR Extension: (Video Download Helper) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2015-03-15] CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15] CHR Extension: (Click&Clean) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-15] CHR Extension: (WEB.DE MailCheck) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-03-15] CHR Extension: (Downloads) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-03-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15] CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15] CHR Extension: (Adblock Pro) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-03-15] CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation) S4 Launch TotalMedia Theatre 6 Driver; C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) 
[File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-12] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-12] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-10-10] (@ByELDI) [File not signed] R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-19] (Stardock Software, Inc) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-11-20] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-01-09] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-07] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-09] (REALiX(tm)) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-01-30] (Intel Corporation) S3 RecFltr; C:\Windows\system32\drivers\RecFltr.sys [45440 2007-01-18] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft 
Corporation) S3 atillk64; \??\D:\ati_winflash_2.6.7\atillk64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-16 16:32 - 2015-03-16 16:33 - 00020748 _____ () C:\Users\MC-Necro\Desktop\FRST.txt 2015-03-16 16:32 - 2015-03-16 16:30 - 02095616 _____ (Farbar) C:\Users\MC-Necro\Desktop\FRST64.exe 2015-03-16 16:30 - 2015-03-16 16:32 - 00000000 ____D () C:\FRST 2015-03-16 15:56 - 2015-03-16 15:59 - 00000000 ____D () C:\AdwCleaner 2015-03-16 15:54 - 2015-03-16 16:01 - 00007393 _____ () C:\Users\MC-Necro\Desktop\hijackthis.log 2015-03-16 15:16 - 2015-03-16 16:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-16 15:16 - 2015-03-16 15:16 - 00001134 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-16 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-16 15:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-16 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-16 15:11 - 2015-03-16 15:21 - 00000790 _____ () C:\Windows\PFRO.log 2015-03-15 23:21 - 2015-03-16 16:00 - 00000580 _____ () C:\Windows\setupact.log 2015-03-15 23:21 - 2015-03-15 23:21 - 00000000 _____ () C:\Windows\setuperr.log 
2015-03-15 23:10 - 2015-03-15 23:10 - 00002249 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk 2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-03-15 23:10 - 2015-02-25 09:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe 2015-03-15 23:10 - 2015-02-25 09:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll 2015-03-15 23:10 - 2015-02-25 09:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll 2015-03-15 22:25 - 2015-03-15 22:25 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-15 21:44 - 2015-03-15 21:44 - 00000000 _____ () C:\autoexec.bat 2015-03-15 21:43 - 2015-03-15 22:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2015-03-15 21:42 - 2015-03-15 21:42 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\MC-Necro\Downloads\SpyHunter4.exe 2015-03-15 21:40 - 2015-03-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-15 20:53 - 2015-03-15 20:53 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-03-15 20:47 - 2015-03-15 20:47 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009 2015-03-15 20:45 - 2015-03-15 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\oVy5zhI 2015-03-15 20:45 - 2015-03-15 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\lz5X1XA 2015-03-15 20:45 - 2015-03-15 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\7eTwD7u 2015-03-15 20:45 - 2015-03-15 20:45 - 00003288 _____ () C:\Windows\System32\Tasks\vTTqXYNrbiacuyp 2015-03-15 20:45 - 2015-03-15 20:45 - 00003246 _____ () C:\Windows\System32\Tasks\uUQqUdnfXquU7Cu 2015-03-15 20:45 - 2015-03-15 20:45 - 00003244 _____ () C:\Windows\System32\Tasks\OpBYzDpilE2DECl 2015-03-15 20:45 - 2015-03-15 20:45 - 00000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db 2015-03-15 20:45 - 2015-03-15 20:45 - 00000000 ____D () C:\ProgramData\atjs 2015-03-12 19:35 - 2015-03-12 19:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-12 19:34 - 2015-03-12 19:34 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-11 13:01 - 2015-03-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2015-03-11 12:54 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 12:54 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 12:54 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 12:54 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 12:54 - 2015-02-20 03:58 - 00044032 _____ 
(Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 12:54 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 12:54 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 12:54 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 12:54 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-11 12:54 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-03-11 12:54 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-11 12:54 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 12:54 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-11 12:54 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 12:54 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-03-11 12:54 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-11 12:54 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-11 12:54 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-03-11 12:54 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-11 12:54 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-03-11 12:54 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 12:54 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-03-11 12:54 - 2015-01-30 03:03 - 01488896 _____ (Microsoft 
Corporation) C:\Windows\system32\mfc42u.dll 2015-03-11 12:54 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-03-11 12:54 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-11 12:54 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2015-03-11 12:54 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2015-03-11 12:54 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-03-11 12:54 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-11 12:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll 2015-03-11 12:54 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-11 12:54 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-03-11 12:54 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-03-11 12:54 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-11 12:54 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-03-11 12:54 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-03-11 12:54 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll 2015-03-11 12:54 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 12:54 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-03-11 12:54 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-03-11 12:54 - 2015-01-29 02:00 - 00210944 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 12:54 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-03-11 12:54 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-11 12:54 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-11 12:54 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-03-11 12:54 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 12:54 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-03-11 12:54 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-03-11 12:54 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-03-11 12:54 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll 2015-03-11 12:54 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 12:54 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-03-11 12:54 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 12:54 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-03-11 12:54 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-11 12:54 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-11 12:53 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 12:53 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 12:53 - 2015-02-21 
01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 12:53 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-03-11 12:53 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 12:53 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 12:53 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 12:53 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 12:53 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 12:53 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 12:53 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 12:53 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 12:53 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 12:53 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 12:53 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-03-11 12:53 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 12:53 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 12:53 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 12:53 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 12:53 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 12:53 - 2015-02-20 02:52 - 00262144 
_____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-03-11 12:53 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 12:53 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 12:53 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 12:53 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 12:53 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 12:53 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 12:53 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-03-11 12:53 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 12:53 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-03-11 12:53 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 12:53 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 12:53 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 12:53 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 12:53 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 12:53 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 12:53 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 12:53 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 12:53 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\shell32.dll 2015-03-11 12:53 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-11 12:53 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-03-11 12:53 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 12:53 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 12:53 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 12:53 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 12:53 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-11 12:53 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2015-03-11 12:53 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 12:53 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 12:53 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\MC-Necro\AppData\Roaming\XRNF 2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\MC-Necro\AppData\Roaming\DNDQ 2015-03-09 16:33 - 2015-03-09 16:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2015-03-09 16:25 - 2015-03-14 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Audacity 2015-03-09 16:25 - 2015-03-09 16:25 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2015-03-09 16:25 - 2015-03-09 16:25 - 00000000 ____D () C:\Program Files (x86)\Audacity 2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software 2015-03-09 13:56 - 
2015-03-09 13:56 - 00000000 ____D () C:\Program Files (x86)\Medieval Software 2015-03-08 18:18 - 2015-03-14 21:00 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft 2015-03-08 12:00 - 2015-03-13 12:57 - 00338160 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\Users\MC-Necro\Documents\My Games 2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\ProgramData\Steam 2015-03-07 11:47 - 2015-03-07 11:47 - 00001508 _____ () C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk 2015-03-07 11:47 - 2015-03-07 11:47 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box 2015-03-07 11:25 - 2015-03-07 11:49 - 00000000 ____D () C:\Program Files (x86)\BioShock Infinite 2015-03-07 10:39 - 2015-03-15 22:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\vlc 2015-03-07 10:32 - 2015-03-07 10:32 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-03-07 10:29 - 2015-03-07 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2 2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2 2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2 2015-02-28 17:23 - 2015-02-28 17:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock_Corporation 2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock 2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () 
C:\Program Files (x86)\Stardock 2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\Public\Documents\Stardock 2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock 2015-02-28 16:22 - 2015-02-28 16:54 - 00000000 ____D () C:\ProgramData\Stardock 2015-02-28 15:55 - 2015-02-28 15:55 - 00000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini 2015-02-28 15:49 - 2015-02-28 15:52 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget 2015-02-28 15:46 - 2015-02-28 15:48 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Clipboarder 2015-02-28 14:17 - 2015-02-28 14:17 - 00000460 __RSH () C:\ProgramData\ntuser.pol 2015-02-28 13:10 - 2015-02-28 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6 2015-02-28 13:10 - 2013-11-20 09:57 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys 2015-02-28 13:10 - 2013-09-14 14:54 - 00009883 _____ () C:\Windows\system32\Drivers\win81_64logo.cat 2015-02-28 13:10 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) 
C:\Windows\system32\MMCEDT6.exe 2015-02-28 13:09 - 2015-02-28 13:09 - 00000000 ____D () C:\Program Files (x86)\ArcSoft 2015-02-27 19:39 - 2015-02-27 19:39 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\XMedia Recode 2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\Program Files\CPUID 2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode 2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls 2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack 2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack 2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter 2015-02-21 20:44 - 2011-09-29 14:20 - 02084864 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDesign.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 01986560 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudFile.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 01212416 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioInfos.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00484352 _____ () C:\Windows\SysWOW64\lame_enc.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00479232 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioVisu.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00458752 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudPlayer.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00454656 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioRecord.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00417792 _____ (NCT Company Ltd.) 
C:\Windows\SysWOW64\AudDisplay.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00348160 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\WMAFile.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll 2015-02-21 20:44 - 2011-09-29 14:20 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX 2015-02-21 20:44 - 2011-09-29 14:20 - 00116296 _____ () C:\Windows\SysWOW64\NCTWMAProfiles.prx 2015-02-21 20:44 - 2011-09-29 14:19 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx 2015-02-21 20:44 - 2011-09-29 14:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll 2015-02-21 20:44 - 2011-09-29 14:19 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2015-02-21 20:44 - 2011-09-29 14:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2015-02-21 20:44 - 2011-09-29 14:19 - 00224016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX 2015-02-21 20:44 - 2011-09-29 14:19 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX 2015-02-21 20:44 - 2011-09-29 14:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2015-02-21 20:44 - 2011-09-29 14:19 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2015-02-21 20:44 - 2011-09-29 14:19 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX 2015-02-21 20:44 - 2011-09-29 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2015-02-21 20:44 - 2011-09-29 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscc2fr.dll 2015-02-21 20:44 - 2011-09-29 14:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2015-02-21 20:44 - 2011-09-29 14:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTFR.DLL 2015-02-21 20:44 - 2011-09-29 14:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL 2015-02-21 10:38 - 
2015-02-21 10:38 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Rename Expert 2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert 2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Rename Expert 2015-02-21 10:37 - 2013-10-24 11:23 - 06441984 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\DebenuPDFLibraryLite1011.dll 2015-02-14 21:22 - 2015-02-14 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-16 16:30 - 2015-01-09 17:54 - 01489205 _____ () C:\Windows\WindowsUpdate.log 2015-03-16 16:18 - 2015-01-09 18:02 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-16 16:06 - 2014-03-18 11:04 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-16 16:06 - 2014-03-18 10:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat 2015-03-16 16:06 - 2014-03-18 10:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat 2015-03-16 16:05 - 2015-01-09 18:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1004 2015-03-16 16:02 - 2015-01-09 18:10 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log 2015-03-16 16:00 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-16 15:17 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\VirtualStore 2015-03-15 23:18 - 2015-01-15 16:23 - 00731648 ___SH () C:\Users\MC-Necro\Desktop\Thumbs.db 2015-03-15 23:17 - 2015-01-10 00:45 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-03-15 23:17 - 2015-01-09 18:46 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Skype 2015-03-15 23:06 - 2015-01-09 17:55 - 00003366 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart 2015-03-15 23:00 - 2013-08-22 16:36 
- 00000000 ____D () C:\Windows\system32\sru 2015-03-15 22:27 - 2015-01-09 17:57 - 00001454 _____ () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-15 21:40 - 2015-01-09 18:02 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-15 21:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources 2015-03-15 21:16 - 2015-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\AMD 2015-03-15 20:55 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini 2015-03-15 20:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-03-15 16:51 - 2015-01-09 20:34 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-15 16:51 - 2015-01-09 20:34 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-15 16:48 - 2015-01-08 20:08 - 00000000 ____D () C:\ProgramData\Origin 2015-03-14 21:00 - 2015-01-14 20:13 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-03-14 12:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-03-14 12:28 - 2015-01-09 16:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\JDownloader v2.0 2015-03-14 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 
____D () C:\Program Files (x86)\Windows Defender 2015-03-12 19:45 - 2015-01-08 20:08 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-12 13:57 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-12 13:54 - 2014-11-12 11:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 13:53 - 2014-11-12 11:13 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2015-03-07 11:48 - 2015-01-09 18:27 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-03-07 11:24 - 2015-01-08 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-03-07 11:22 - 2015-01-09 18:37 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite 2015-03-07 10:29 - 2015-01-09 18:55 - 00000000 ____D () C:\Program Files\VideoLAN 2015-03-05 10:43 - 2015-01-09 18:23 - 00000000 ____D () C:\ProgramData\ProductData 2015-03-04 22:24 - 2013-08-22 16:38 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-04 22:24 - 2013-08-22 16:38 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-28 14:21 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Packages 2015-02-28 14:16 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-02-28 13:11 - 2015-01-09 19:06 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\ArcSoft 2015-02-28 13:10 - 2015-01-09 18:58 - 00000000 ____D () C:\ProgramData\ArcSoft 2015-02-28 13:10 - 2015-01-09 18:05 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information 2015-02-27 20:42 - 2015-02-13 17:12 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\dvdcss 2015-02-27 19:03 - 2015-01-09 12:48 - 00007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg 2015-02-15 15:52 - 2015-01-09 18:02 - 
00000000 ____D () C:\Users\MC-Necro\AppData\Local\Google ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\MC-Necro\AppData\Roaming\CZWL 2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\MC-Necro\AppData\Roaming\DNDQ 2015-02-28 15:55 - 2015-02-28 15:55 - 0000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini 2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\MC-Necro\AppData\Roaming\XRNF 2015-02-13 16:40 - 2015-02-13 16:40 - 0197360 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS 2015-02-13 16:40 - 2015-02-13 16:56 - 0000234 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part 2015-02-13 16:40 - 2015-02-13 16:40 - 0118724 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS 2015-02-13 16:40 - 2015-02-13 16:56 - 0000290 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part 2015-03-15 20:45 - 2015-03-15 20:45 - 0000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db 2015-01-09 12:48 - 2015-02-27 19:03 - 0007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg 2015-01-09 18:06 - 2015-01-09 18:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\MC-Necro\AppData\Local\Temp\CHIP_Updater.exe C:\Users\MC-Necro\AppData\Local\Temp\CloudBackup7598.exe C:\Users\MC-Necro\AppData\Local\Temp\DseShExt-x64.dll C:\Users\MC-Necro\AppData\Local\Temp\DseShExt-x86.dll C:\Users\MC-Necro\AppData\Local\Temp\Execute2App.exe C:\Users\MC-Necro\AppData\Local\Temp\msvcp90.dll C:\Users\MC-Necro\AppData\Local\Temp\msvcr90.dll C:\Users\MC-Necro\AppData\Local\Temp\proxy_vole8530263425264948663.dll C:\Users\MC-Necro\AppData\Local\Temp\Quarantine.exe C:\Users\MC-Necro\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\MC-Necro\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\MC-Necro\AppData\Local\Temp\SHSetup.exe C:\Users\MC-Necro\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\MC-Necro\AppData\Local\Temp\sqlite3.dll
C:\Users\MC-Necro\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-09 18:35

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 16:33:12
Running from C:\Users\MC-Necro\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.7.1.199 - ArcSoft) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.40 - Abelssoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Rename Expert 5.6.0 (HKLM-x32\...\{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1) (Version: - Gillmeister Software)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.45 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode Version 3.2.1.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.7 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3114231556-3272972307-1787784662-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

15-03-2015 23:10:01 AVG PC TuneUp 2015 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {49944065-2C63-4E6B-8F62-E5E7FE0AF965} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {73F0BAE4-609C-4770-87D1-97C984B44474} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-10] (@ByELDI)
Task: {B033CAC0-87EB-4D95-BD18-436688055DDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {D96FC44B-3B41-4DCA-B04D-56C6D1919DDB} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-10] (CHIP)
Task: {DDF60E3C-6909-4257-BEBE-F9CD4F8848DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {E7A75317-98B9-492D-AB73-6ED3DF3E47DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F2CE4609-8D3E-4270-80C0-7DE95CDCFFB3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
Task: {FD27954F-77B3-4BB4-BB48-99EB7601C7EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-01-09 20:34 - 2015-02-06 18:51 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2015-01-09 18:38 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-15 21:40 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-15 21:40 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 83.169.185.161 - 83.169.185.225

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TotalMedia Server.lnk" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "MouseDriver" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "Sidebar845.lnk" HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk" HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== Accounts: ============================= Administrator (S-1-5-21-3114231556-3272972307-1787784662-500 - Administrator - Disabled) Gast (S-1-5-21-3114231556-3272972307-1787784662-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3114231556-3272972307-1787784662-1003 - Limited - Enabled) MC-Necro (S-1-5-21-3114231556-3272972307-1787784662-1004 - Administrator - Enabled) => C:\Users\MC-Necro ==================== Faulty Device Manager Devices ============= Name: Intel(R) HD Graphics 4600 Description: Intel(R) HD Graphics 4600 Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: igfx Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x214 Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0 Pfad der fehlerhaften Anwendung: igfxCUIService.exe1 Pfad des fehlerhaften Moduls: igfxCUIService.exe2 Berichtskennung: igfxCUIService.exe3 Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5 Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x214 Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0 Pfad der fehlerhaften Anwendung: igfxCUIService.exe1 Pfad des fehlerhaften Moduls: igfxCUIService.exe2 Berichtskennung: igfxCUIService.exe3 Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5 Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x1c4 Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0 Pfad der fehlerhaften Anwendung: igfxCUIService.exe1 Pfad des fehlerhaften Moduls: igfxCUIService.exe2 Berichtskennung: igfxCUIService.exe3 Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5 Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x214 
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0 Pfad der fehlerhaften Anwendung: igfxCUIService.exe1 Pfad des fehlerhaften Moduls: igfxCUIService.exe2 Berichtskennung: igfxCUIService.exe3 Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5 Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x210 Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0 Pfad der fehlerhaften Anwendung: igfxCUIService.exe1 Pfad des fehlerhaften Moduls: igfxCUIService.exe2 Berichtskennung: igfxCUIService.exe3 Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5 Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017719 ID des fehlerhaften Prozesses: 0x20c Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0 Pfad der fehlerhaften Anwendung: igfxCUIService.exe1 Pfad des fehlerhaften Moduls: igfxCUIService.exe2 Berichtskennung: igfxCUIService.exe3 Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5 Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System 
Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/15/2015 11:07:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/15/2015 11:06:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . System errors: ============= Error: (03/16/2015 04:00:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (03/16/2015 04:00:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff9e5732db8C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe25e87a21-cbed-11e4-82e4-74d435bb1459 Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff829f9c65cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe6b95f0e4-cbeb-11e4-82e3-74d435bb1459 Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191c401d05ff4e8b83ee7C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe2b0f9217-cbe8-11e4-82e1-74d435bb1459 Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff48c4c921cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.execee82fd0-cbe7-11e4-82e0-74d435bb1459 Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921001d05ff322b00179C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe63be54ae-cbe6-11e4-82df-74d435bb1459 Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771920c01d05f6d927984c2C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exed2c183c4-cb60-11e4-82de-74d435bb1459 Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary 
Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (03/15/2015 11:07:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (03/15/2015 11:06:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz Percentage of memory in use: 29% Total physical RAM: 8085.18 MB Available physical RAM: 5727.36 MB Total Pagefile: 8285.18 MB Available Pagefile: 5645.3 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Spiele/Programme) (Fixed) (Total:111.79 GB) (Free:16.32 GB) NTFS Drive d: (Downloads) (Fixed) (Total:465.66 GB) (Free:450.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FB8C0ED) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5AFC4BC7) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.03.2015, 16:57 | #4 |
/// TB-Ausbilder | Adware remnants: evaluate OTL log Hi, Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
C:\ProgramData\DP45977C.lfl
C:\Users\MC-Necro\AppData\Roaming\XRNF
C:\Users\MC-Necro\AppData\Roaming\DNDQ
C:\Users\MC-Necro\AppData\Roaming\CZWL
C:\ProgramData\atjs
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
C:\Users\MC-Necro\Downloads\SpyHunter4.exe
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Step 3
Please post with your next reply
|
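As an added example (not part of the thread, and not the helper's or FRST's own method), the sketch below parses FRST `Task:` lines and flags the two patterns visible in the entries the fixlist above removes: registry entries marked "No Task File" and tasks whose executable sits under a user's AppData folder. The two heuristics and every function name are assumptions made for illustration; the sample lines are copied from the log in this thread, one entry per line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Task lines copied from the FRST log posted in this thread (one entry per line).
SAMPLE_LOG = r"""
Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
Task: {49944065-2C63-4E6B-8F62-E5E7FE0AF965} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

ATTENTION = "<==== ATTENTION"
ORPHAN = " No Task File"
GUID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\} - ")
# Target path, optionally followed by " [yyyy-mm-dd]" and then " (publisher)".
TARGET_RE = re.compile(
    r"(?P<path>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<pub>[^()]*)\))?)?"
)


@dataclass
class Task:
    guid: Optional[str]
    name: str
    target: Optional[str]
    date: Optional[str]
    publisher: Optional[str]
    orphan: bool  # True when FRST reported "No Task File"


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]
    if body.endswith(ATTENTION):
        body = body[: -len(ATTENTION)].rstrip()
    guid = None
    m = GUID_RE.match(body)
    if m:  # legacy .job entries carry no GUID
        guid, body = m.group(1), body[m.end():]
    name, sep, rest = body.partition(" => ")
    if not sep:
        orphan = name.endswith(ORPHAN)
        if orphan:
            name = name[: -len(ORPHAN)]
        return Task(guid, name, None, None, None, orphan)
    meta = TARGET_RE.fullmatch(rest)
    publisher = (meta.group("pub") or "").strip() or None  # "( )" means none
    return Task(guid, name, meta.group("path"), meta.group("date"), publisher, False)


def reasons(task: Task) -> List[str]:
    """Illustrative heuristics only (assumption, not FRST's own logic)."""
    found = []
    if task.orphan:
        found.append("registry entry without a task file")
    if task.target and "\\appdata\\" in task.target.lower():
        found.append("executable under a user's AppData folder")
    return found


def triage(log_text: str) -> List[Tuple[Task, List[str]]]:
    """Return every parsed task that matches at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        task = parse_task_line(line)
        if task is None:
            continue
        why = reasons(task)
        if why:
            flagged.append((task, why))
    return flagged


if __name__ == "__main__":
    for task, why in triage(SAMPLE_LOG):
        print(f"{task.name}: {'; '.join(why)}")
```

A flagged line is a candidate for review, not a verdict; the tasks a helper actually puts into a fixlist still depend on the rest of the log.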
16.03.2015, 17:09 | #5 |
| Adware remnants: evaluate OTL log Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 17:02:50 Run:1
Running from D:\
Loaded Profiles: MC-Necro (Available profiles: MC-Necro)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
C:\ProgramData\DP45977C.lfl
C:\Users\MC-Necro\AppData\Roaming\XRNF
C:\Users\MC-Necro\AppData\Roaming\DNDQ
C:\Users\MC-Necro\AppData\Roaming\CZWL
C:\ProgramData\atjs
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
C:\Users\MC-Necro\Downloads\SpyHunter4.exe
EmptyTemp:
end
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\vTTqXYNrbiacuyp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vTTqXYNrbiacuyp" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully.
C:\Windows\System32\Tasks\uUQqUdnfXquU7Cu => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uUQqUdnfXquU7Cu" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (MC-Necro)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully.
C:\Windows\System32\Tasks\OpBYzDpilE2DECl => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpBYzDpilE2DECl" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\XRNF => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\DNDQ => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\CZWL => Moved successfully.
C:\ProgramData\atjs => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009 => Moved successfully.
C:\Users\MC-Necro\Downloads\SpyHunter4.exe => Moved successfully.
EmptyTemp: => Removed 252.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:02:51 ==== |
16.03.2015, 17:11 | #6 | |
/// TB-Ausbilder | Adware remnants: evaluate OTL log Quote:
I saw that you ran the FRST fix from drive D:\ and not from the desktop... |
16.03.2015, 17:11 | #7 |
| Adware remnants: evaluate OTL log I have a problem with step 2: when I try to create a zip folder, Windows tells me 'Datei nicht gefunden oder keine Leseberechtigung'. The zip file is created, but when I click OK it disappears again. Would a rar file work too? |
16.03.2015, 17:12 | #8 | |
/// TB-Ausbilder | Adware remnants: evaluate OTL log Quote:
I saw that you ran the FRST fix from drive D:\ and not from the desktop... |
16.03.2015, 17:14 | #9 |
| Adware remnants: evaluate OTL log That didn't work either |
16.03.2015, 17:16 | #10 |
/// TB-Ausbilder | Adware remnants: evaluate OTL log You are right-clicking the folder and choosing "Send to" -> compressed (zipped) folder, aren't you? Try it with a .rar file. |
16.03.2015, 17:19 | #11 |
| Adware remnants: evaluate OTL log This is what comes up:
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\OpBYzDpilE2DECl.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\uUQqUdnfXquU7Cu.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\vTTqXYNrbiacuyp.xBAD nicht öffnen.
! Zugriff verweigert
But the archive is there |
16.03.2015, 17:23 | #12 |
/// TB-Ausbilder | Adware remnants: evaluate OTL log Hi, OK, upload whatever archive is there. I'll take a look at it then. Then continue with the FRST control scan:
|
16.03.2015, 17:23 | #13 |
| Adware remnants: evaluate OTL log This is what comes up, but the archive is there:
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\OpBYzDpilE2DECl.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\uUQqUdnfXquU7Cu.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\vTTqXYNrbiacuyp.xBAD nicht öffnen.
! Zugriff verweigert |
16.03.2015, 17:24 | #14 | |
/// TB-Ausbilder | Adware remnants: evaluate OTL log Quote:
OK, upload whatever archive is there. I'll take a look at it then. Then continue with the FRST control scan:
|
16.03.2015, 17:32 | #15 |
| Adware remnants: evaluate OTL log Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by MC-Necro at 2015-03-16 17:02:50 Run:1 Running from D:\ Loaded Profiles: MC-Necro (Available profiles: MC-Necro) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe C:\Users\MC-Necro\AppData\Roaming\7eTwD7u Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( ) C:\Users\MC-Necro\AppData\Roaming\lz5X1XA Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe C:\Users\MC-Necro\AppData\Roaming\oVy5zhI C:\ProgramData\DP45977C.lfl C:\Users\MC-Necro\AppData\Roaming\XRNF C:\Users\MC-Necro\AppData\Roaming\DNDQ C:\Users\MC-Necro\AppData\Roaming\CZWL C:\ProgramData\atjs C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009 C:\Users\MC-Necro\Downloads\SpyHunter4.exe EmptyTemp: end ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Startup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully. C:\Windows\System32\Tasks\vTTqXYNrbiacuyp => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vTTqXYNrbiacuyp" => Key deleted successfully. C:\Users\MC-Necro\AppData\Roaming\7eTwD7u => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully. 
C:\Windows\System32\Tasks\uUQqUdnfXquU7Cu => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uUQqUdnfXquU7Cu" => Key deleted successfully. C:\Users\MC-Necro\AppData\Roaming\lz5X1XA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (MC-Necro)" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully. C:\Windows\System32\Tasks\OpBYzDpilE2DECl => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpBYzDpilE2DECl" => Key deleted successfully. C:\Users\MC-Necro\AppData\Roaming\oVy5zhI => Moved successfully. C:\ProgramData\DP45977C.lfl => Moved successfully. C:\Users\MC-Necro\AppData\Roaming\XRNF => Moved successfully. C:\Users\MC-Necro\AppData\Roaming\DNDQ => Moved successfully. C:\Users\MC-Necro\AppData\Roaming\CZWL => Moved successfully. C:\ProgramData\atjs => Moved successfully. 
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009 => Moved successfully.
C:\Users\MC-Necro\Downloads\SpyHunter4.exe => Moved successfully.
EmptyTemp: => Removed 252.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:02:51 ====

The upload of the quarantine RAR file was successful.

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by MC-Necro (administrator) on NECRO on 16-03-2015 17:28:28 Running from C:\Users\MC-Necro\Desktop Loaded Profiles: MC-Necro (Available profiles: MC-Necro) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-01-09] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd) HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\MountPoints2: {789ce035-c4aa-11e4-82cc-74d435bb1459} - "G:\Setup.exe" IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\bf4.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\bf4_x86.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\bfh.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\crysis3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\tm server.exe: 
[Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\ulaunchtmt6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\utotalmediatheatre6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
Chrome: ======= CHR HomePage: Profile 2 -> hxxp://www.google.de/ CHR StartupUrls: Profile 2 -> "hxxp://www.youtube.com/?gl=DE&hl=de" CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15] CHR Extension: (Google Docs) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15] CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15] CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15] CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15] CHR Extension: (Google Sheets) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15] CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15] CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15] CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Magic Actions for YouTube™) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-15] CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 
2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15] CHR Extension: (MEGA) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-15] CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15] CHR Extension: (Video Download Helper) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2015-03-15] CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15] CHR Extension: (Click&Clean) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-15] CHR Extension: (WEB.DE MailCheck) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-03-15] CHR Extension: (Downloads) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-03-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15] CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15] CHR Extension: (Adblock Pro) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-03-15] CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation) S4 Launch TotalMedia Theatre 6 Driver; C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) 
[File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-12] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-12] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-10-10] (@ByELDI) [File not signed] R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-19] (Stardock Software, Inc) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-11-20] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-01-09] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-07] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-09] (REALiX(tm)) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-01-30] (Intel Corporation) S3 RecFltr; C:\Windows\system32\drivers\RecFltr.sys [45440 2007-01-18] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft 
Corporation) S3 atillk64; \??\D:\ati_winflash_2.6.7\atillk64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-16 17:18 - 2015-03-16 17:21 - 00670906 _____ () C:\Users\MC-Necro\Desktop\Quarantine.rar 2015-03-16 16:32 - 2015-03-16 17:28 - 00020185 _____ () C:\Users\MC-Necro\Desktop\FRST.txt 2015-03-16 16:32 - 2015-03-16 16:30 - 02095616 _____ (Farbar) C:\Users\MC-Necro\Desktop\FRST64.exe 2015-03-16 16:30 - 2015-03-16 17:28 - 00000000 ____D () C:\FRST 2015-03-16 16:30 - 2015-03-16 17:02 - 00000000 ____D () C:\Users\MC-Necro\Desktop\Quarantine 2015-03-16 15:56 - 2015-03-16 15:59 - 00000000 ____D () C:\AdwCleaner 2015-03-16 15:54 - 2015-03-16 16:01 - 00007393 _____ () C:\Users\MC-Necro\Desktop\hijackthis.log 2015-03-16 15:16 - 2015-03-16 17:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-16 15:16 - 2015-03-16 15:16 - 00001134 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-16 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-16 15:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-16 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-16 15:11 - 2015-03-16 15:21 - 00000790 _____ 
() C:\Windows\PFRO.log 2015-03-15 23:21 - 2015-03-16 17:03 - 00000696 _____ () C:\Windows\setupact.log 2015-03-15 23:21 - 2015-03-15 23:21 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-15 23:10 - 2015-03-15 23:10 - 00002249 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk 2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-03-15 23:10 - 2015-02-25 09:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe 2015-03-15 23:10 - 2015-02-25 09:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll 2015-03-15 23:10 - 2015-02-25 09:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll 2015-03-15 22:25 - 2015-03-15 22:25 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-15 21:44 - 2015-03-15 21:44 - 00000000 _____ () C:\autoexec.bat 2015-03-15 21:43 - 2015-03-15 22:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2015-03-15 21:40 - 2015-03-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-15 20:45 - 2015-03-15 20:45 - 00000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db 2015-03-12 19:35 - 2015-03-12 19:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-12 19:34 - 2015-03-12 19:34 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-11 13:01 - 2015-03-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2015-03-11 12:54 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 12:54 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 12:54 - 2015-02-26 00:26 - 04178944 _____ (Microsoft 
Corporation) C:\Windows\system32\win32k.sys 2015-03-11 12:54 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 12:54 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 12:54 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 12:54 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 12:54 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 12:54 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-11 12:54 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-03-11 12:54 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-11 12:54 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 12:54 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-11 12:54 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 12:54 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-03-11 12:54 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-11 12:54 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-11 12:54 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-03-11 12:54 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-11 12:54 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-03-11 12:54 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) 
C:\Windows\system32\ubpm.dll
2015-03-11 12:54 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 12:54 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 12:54 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 12:54 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 12:54 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 12:54 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 12:54 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 12:54 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 12:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 12:54 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 12:54 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 12:54 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 12:54 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 12:54 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 12:54 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 12:54 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 12:54 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 12:54 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 12:54 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 12:54 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 12:54 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 12:54 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 12:54 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 12:54 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 12:54 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 12:54 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 12:54 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 12:54 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 12:54 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 12:54 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 12:54 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 12:54 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 12:54 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 12:54 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 12:54 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 12:53 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:53 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:53 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 12:53 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 12:53 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 12:53 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:53 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 12:53 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:53 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:53 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:53 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 12:53 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:53 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:53 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:53 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 12:53 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 12:53 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:53 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:53 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 12:53 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 12:53 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 12:53 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:53 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:53 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:53 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:53 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:53 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 12:53 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 12:53 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:53 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 12:53 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:53 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 12:53 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:53 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:53 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:53 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 12:53 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:53 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:53 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 12:53 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 12:53 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 12:53 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 12:53 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 12:53 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:53 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 12:53 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 12:53 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 12:53 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 12:53 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:53 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 16:33 - 2015-03-09 16:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-03-09 16:25 - 2015-03-14 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Audacity
2015-03-09 16:25 - 2015-03-09 16:25 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-09 16:25 - 2015-03-09 16:25 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\Program Files (x86)\Medieval Software
2015-03-08 18:18 - 2015-03-14 21:00 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
2015-03-08 12:00 - 2015-03-13 12:57 - 00338160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\Users\MC-Necro\Documents\My Games
2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\ProgramData\Steam
2015-03-07 11:47 - 2015-03-07 11:47 - 00001508 _____ () C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
2015-03-07 11:47 - 2015-03-07 11:47 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-03-07 11:25 - 2015-03-07 11:49 - 00000000 ____D () C:\Program Files (x86)\BioShock Infinite
2015-03-07 10:39 - 2015-03-15 22:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\vlc
2015-03-07 10:32 - 2015-03-07 10:32 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-03-07 10:29 - 2015-03-07 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2015-02-28 17:23 - 2015-02-28 17:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock_Corporation
2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock
2015-02-28 16:22 - 2015-02-28 16:54 - 00000000 ____D () C:\ProgramData\Stardock
2015-02-28 15:55 - 2015-02-28 15:55 - 00000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-02-28 15:49 - 2015-02-28 15:52 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
2015-02-28 15:46 - 2015-02-28 15:48 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Clipboarder
2015-02-28 14:17 - 2015-02-28 14:17 - 00000460 __RSH () C:\ProgramData\ntuser.pol
2015-02-28 13:10 - 2015-02-28 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2015-02-28 13:10 - 2013-11-20 09:57 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2015-02-28 13:10 - 2013-09-14 14:54 - 00009883 _____ () C:\Windows\system32\Drivers\win81_64logo.cat
2015-02-28 13:10 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2015-02-28 13:09 - 2015-02-28 13:09 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2015-02-27 19:39 - 2015-02-27 19:39 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\Program Files\CPUID
2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2015-02-21 20:44 - 2011-09-29 14:20 - 02084864 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDesign.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 01986560 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudFile.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 01212416 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioInfos.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00484352 _____ () C:\Windows\SysWOW64\lame_enc.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00479232 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioVisu.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00458752 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudPlayer.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00454656 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioRecord.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00417792 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDisplay.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00348160 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\WMAFile.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2015-02-21 20:44 - 2011-09-29 14:20 - 00116296 _____ () C:\Windows\SysWOW64\NCTWMAProfiles.prx
2015-02-21 20:44 - 2011-09-29 14:19 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2015-02-21 20:44 - 2011-09-29 14:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00224016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscc2fr.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL
2015-02-21 10:38 - 2015-02-21 10:38 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Rename Expert
2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert
2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Rename Expert
2015-02-21 10:37 - 2013-10-24 11:23 - 06441984 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\DebenuPDFLibraryLite1011.dll
2015-02-14 21:22 - 2015-02-14 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:18 - 2015-01-09 18:02 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 17:12 - 2015-01-09 17:54 - 01521213 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 17:08 - 2015-01-09 18:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1004
2015-03-16 17:07 - 2014-03-18 11:04 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 17:07 - 2014-03-18 10:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-03-16 17:07 - 2014-03-18 10:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-03-16 17:05 - 2015-01-09 18:10 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-16 17:03 - 2015-01-15 16:23 - 00731648 ___SH () C:\Users\MC-Necro\Desktop\Thumbs.db
2015-03-16 17:03 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 17:00 - 2015-01-09 18:46 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Skype
2015-03-16 15:17 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\VirtualStore
2015-03-15 23:17 - 2015-01-10 00:45 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-15 23:06 - 2015-01-09 17:55 - 00003366 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-03-15 22:27 - 2015-01-09 17:57 - 00001454 _____ () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-15 21:40 - 2015-01-09 18:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-15 21:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-03-15 21:16 - 2015-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-03-15 20:55 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2015-03-15 20:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-15 16:51 - 2015-01-09 20:34 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-15 16:51 - 2015-01-09 20:34 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-15 16:48 - 2015-01-08 20:08 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 21:00 - 2015-01-14 20:13 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-14 12:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 12:28 - 2015-01-09 16:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\JDownloader v2.0
2015-03-14 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 19:45 - 2015-01-08 20:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-12 13:57 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 13:54 - 2014-11-12 11:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 13:53 - 2014-11-12 11:13 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-03-07 11:48 - 2015-01-09 18:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-07 11:24 - 2015-01-08 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-07 11:22 - 2015-01-09 18:37 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite
2015-03-07 10:29 - 2015-01-09 18:55 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-05 10:43 - 2015-01-09 18:23 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-04 22:24 - 2013-08-22 16:38 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2013-08-22 16:38 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 14:21 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Packages
2015-02-28 14:16 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-28 13:11 - 2015-01-09 19:06 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\ArcSoft
2015-02-28 13:10 - 2015-01-09 18:58 - 00000000 ____D () C:\ProgramData\ArcSoft
2015-02-28 13:10 - 2015-01-09 18:05 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-02-27 20:42 - 2015-02-13 17:12 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\dvdcss
2015-02-27 19:03 - 2015-01-09 12:48 - 00007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
2015-02-15 15:52 - 2015-01-09 18:02 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Google

==================== Files in the root of some directories =======

2015-02-28 15:55 - 2015-02-28 15:55 - 0000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-02-13 16:40 - 2015-02-13 16:40 - 0197360 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS
2015-02-13 16:40 - 2015-02-13 16:56 - 0000234 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part
2015-02-13 16:40 - 2015-02-13 16:40 - 0118724 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS
2015-02-13 16:40 - 2015-02-13 16:56 - 0000290 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part
2015-03-15 20:45 - 2015-03-15 20:45 - 0000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db
2015-01-09 12:48 - 2015-02-27 19:03 - 0007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-09 18:35

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 17:28:42
Running from C:\Users\MC-Necro\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.7.1.199 - ArcSoft) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.40 - Abelssoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Rename Expert 5.6.0 (HKLM-x32\...\{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1) (Version: - Gillmeister Software)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.45 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode Version 3.2.1.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.7 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3114231556-3272972307-1787784662-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

15-03-2015 23:10:01 AVG PC TuneUp 2015 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {49944065-2C63-4E6B-8F62-E5E7FE0AF965} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {73F0BAE4-609C-4770-87D1-97C984B44474} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-10] (@ByELDI)
Task: {B033CAC0-87EB-4D95-BD18-436688055DDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {D96FC44B-3B41-4DCA-B04D-56C6D1919DDB} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-10] (CHIP)
Task: {DDF60E3C-6909-4257-BEBE-F9CD4F8848DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {E7A75317-98B9-492D-AB73-6ED3DF3E47DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {F2CE4609-8D3E-4270-80C0-7DE95CDCFFB3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {FD27954F-77B3-4BB4-BB48-99EB7601C7EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-01-09 20:34 - 2015-02-06 18:51 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2015-01-09 18:38 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-15 21:40 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 83.169.185.161 - 83.169.185.225

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TotalMedia Server.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "Sidebar845.lnk"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-3114231556-3272972307-1787784662-500 - Administrator - Disabled)
Gast (S-1-5-21-3114231556-3272972307-1787784662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3114231556-3272972307-1787784662-1003 - Limited - Enabled)
MC-Necro (S-1-5-21-3114231556-3272972307-1787784662-1004 - Administrator - Enabled) => C:\Users\MC-Necro

==================== Faulty Device Manager Devices =============

Name: Intel(R) HD Graphics 4600
Description: Intel(R) HD Graphics 4600
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 05:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x218
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 05:03:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x1c4
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x210
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x20c
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

System errors:
=============
Error: (03/16/2015 05:03:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit folgendem Fehler beendet: %%2147500037

Error: (03/16/2015 05:03:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:00 PM) (Source: DCOM) (EventID: 10010) (User: Necro)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/16/2015 05:03:00 PM) (Source: DCOM) (EventID: 10010) (User: Necro)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/16/2015 05:02:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (03/16/2015 05:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921801d06002b74edbc6C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exef821dbde-cbf5-11e4-82e5-74d435bb1459

Error: (03/16/2015 05:03:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff9e5732db8C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe25e87a21-cbed-11e4-82e4-74d435bb1459

Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff829f9c65cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe6b95f0e4-cbeb-11e4-82e3-74d435bb1459

Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191c401d05ff4e8b83ee7C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe2b0f9217-cbe8-11e4-82e1-74d435bb1459

Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff48c4c921cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.execee82fd0-cbe7-11e4-82e0-74d435bb1459

Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921001d05ff322b00179C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe63be54ae-cbe6-11e4-82df-74d435bb1459

Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771920c01d05f6d927984c2C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exed2c183c4-cb60-11e4-82de-74d435bb1459

Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8085.18 MB
Available physical RAM: 6157.47 MB
Total Pagefile: 8285.18 MB
Available Pagefile: 6142.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Spiele/Programme) (Fixed) (Total:111.79 GB) (Free:16.48 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:465.66 GB) (Free:450.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FB8C0ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5AFC4BC7)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |