[TR/CoinMiner bzw. Trojan.Agent.Gen] svchost.exe und lsass.exe in Windows\Temp

CBAN3489 · 20.03.2015, 20:50

Hallo,

ich habe mir einen Trojaner eingefangen und bekomme diesen nicht mehr los.

Wie im Titel genannt handelt es sich dabei um die Dateien lsass.exe und svchost.exe im Temp Ordner von Windows.

Ich nutze Avira AntiVir und dieser erkennt auch die lsass.exe. Die svchost.exe belastet meine CPU extrem und wird auch nicht als schädlich erkannt. Wenn ich den SYSTEM-Prozess mit 80% Belastung beende, fährt erstmal mein Lüfter runter (yay!) und ich kann die svchost.exe auch löschen.

Somit sind beide Dateien gelöscht! Aber nach einem neustart, werden diese Dateien erneut geladen und das Spiel fängt von vorne an.

Ich habe schon einen Systemscan gemacht, meine Autostarteinträge überprüft, die Shell unter Winlogon überprüft und Malwarebytes drüber laufen lassen (der hat auch eine weitere svchost.exe gefunden, die ich dann löschte und die seitdem auch nicht mehr auftauchte).

Ich habe schon einiges nachgelesen, finde aber nichts genaues, wie ich denn das erneute runterladen der Dateien verhindern kann. Ich finde auch keinen Prozess, keinen Dienst, keinen Registrierungseintrag, der das ausführt.

Nachdem ich den Prozess beendet und die Datei gelöscht habe, ist auch Frieden bis ich meinen PC neu starte.

Ich habe auch schon HijackThis einen Scan machen lassen. Aber dort sind alle Einträge ohne bedenken. Einen Log habe ich aber nicht mehr. Nach bedarf erstelle ich auch einen.

Vielen Dank.

M-K-D-B · 20.03.2015, 21:32

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

CBAN3489 · 20.03.2015, 21:51

Hallo Matthias,

danke für Deine Antwort. Hier der Inhalt der erstellten TXT Dateien:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Achmed (administrator) on INSANITY on 20-03-2015 21:37:06
Running from D:\Downloads
Loaded Profiles: Achmed &  (Available profiles: Achmed)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\system\3DG4me.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKU\S-1-5-21-414628413-2699045466-946937149-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-414628413-2699045466-946937149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Gigabyte.com
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Gigabyte.com
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Gigabyte.com
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-08-19] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\battlenet.xml [2015-03-14]
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\leo-eng-deu-v20.xml [2015-03-06]
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\minecraft-wiki-en.xml [2015-02-18]
FF Extension: Video Downloader professional - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-03-11]
FF Extension: NoScript - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-27]
FF Extension: Adblock Plus - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\Firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S4 KAUpdateService; G:\The Book of Unwritten Tales 2\service\KAUpdateService.exe [36864 2015-01-27] () [File not signed]
S2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 Origin Client Service; G:\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
S2 TrueCryptSystemFavorites; C:\Windows\SysWOW64\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U0 snikdf; C:\Windows\System32\drivers\fwosxm.sys [79064 2015-03-20] (Malwarebytes Corporation)
S3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 21:36 - 2015-03-20 21:37 - 00000000 ____D () C:\FRST
2015-03-20 20:39 - 2015-03-20 20:39 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\fwosxm.sys
2015-03-20 20:33 - 2015-03-20 20:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 ____D () C:\ Malwarebytes Anti-Malware 
2015-03-20 20:33 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-20 20:33 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-20 20:33 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-20 20:28 - 2015-03-20 20:28 - 00000836 _____ () C:\Windows\PFRO.log
2015-03-20 20:28 - 2015-03-20 20:28 - 00000168 _____ () C:\Windows\setupact.log
2015-03-20 20:28 - 2015-03-20 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-20 20:00 - 2015-03-20 20:10 - 00000000 ____D () C:\Windows\erdnt
2015-03-20 19:30 - 2015-03-20 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 18:34 - 2015-03-20 19:41 - 00000000 ____D () C:\Program Files\Unlocker
2015-03-20 18:34 - 2015-03-20 18:34 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-03-20 02:16 - 2015-03-20 02:16 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2015-03-20 00:16 - 2015-03-20 00:16 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-18 00:35 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:35 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-16 17:44 - 2015-03-20 20:25 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\TeamViewer
2015-03-13 20:23 - 2015-03-20 20:25 - 00000000 ____D () C:\Users\Achmed\AppData\Local\CrashDumps
2015-03-11 04:52 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-11 04:52 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-11 04:46 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 04:46 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 04:46 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 04:46 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 04:46 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 04:46 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 04:46 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 04:46 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 04:46 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 04:46 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 04:46 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 04:46 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 04:46 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 04:46 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 04:46 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 04:46 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 04:46 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 04:46 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 04:46 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 04:46 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 04:46 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 04:46 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 04:46 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 04:46 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 04:46 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 04:46 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 04:46 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 04:46 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 04:46 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 04:46 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 04:46 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 04:46 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 04:46 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 04:46 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 04:46 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 04:46 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 04:46 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 04:46 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 04:46 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 04:46 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 04:46 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 04:46 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 04:46 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 04:46 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 04:46 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 04:46 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 04:46 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 04:46 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 04:46 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 04:46 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 04:46 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 04:46 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 04:46 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 04:46 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 04:46 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 04:46 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 04:46 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 04:46 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 04:46 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 04:46 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 04:46 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 04:46 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 04:46 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 04:46 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 04:46 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 04:46 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 04:46 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 04:46 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 04:46 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 04:46 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 04:46 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 04:46 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 04:46 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 04:46 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 04:46 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 04:46 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 04:46 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 04:46 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 04:46 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 04:46 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 04:46 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 04:46 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 04:46 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 04:46 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 04:46 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 04:46 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 04:46 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 04:46 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 04:46 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 04:46 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 04:46 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 04:46 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 04:46 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 04:46 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 04:46 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 04:46 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 04:46 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 04:46 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 04:46 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 04:46 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 04:46 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ___DL () C:\Users\Achmed\AppData\Roaming\.minecraft
2015-03-06 20:20 - 2015-03-06 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland
2015-03-06 20:18 - 2015-03-06 20:18 - 00001083 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client.lnk
2015-03-06 13:05 - 2015-03-06 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-06 12:51 - 2015-03-20 20:28 - 00000000 ____D () C:\Users\Achmed\AppData\Local\LogMeIn Hamachi
2015-03-06 12:51 - 2015-03-06 12:51 - 00000000 ____D () C:\Users\Achmed\AppData\Local\LogMeIn
2015-03-06 12:51 - 2015-03-06 12:51 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-03-06 12:44 - 2015-03-06 12:44 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Steam
2015-03-05 17:42 - 2015-03-20 18:25 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\vlc
2015-03-05 17:42 - 2015-03-05 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-03 17:20 - 2015-03-05 17:42 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-02 20:47 - 2015-03-02 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-02-27 20:43 - 2015-02-27 20:43 - 00000000 ____D () C:\Users\Achmed\AppData\Local\BANDAI NAMCO Games
2015-02-27 20:30 - 2015-03-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonball Xenoverse
2015-02-24 11:06 - 2015-02-24 11:06 - 00001437 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieUserList
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieSiteList
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieBrowserModeList
2015-02-23 03:02 - 2015-02-23 03:02 - 04022504 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe
2015-02-23 03:02 - 2015-02-23 03:02 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.bmp
2015-02-23 03:02 - 2015-02-23 03:02 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2015-02-23 03:02 - 2015-02-23 03:02 - 00017950 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.dat
2015-02-23 03:02 - 2015-02-23 03:02 - 00013082 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.dat
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\AccurateRip
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\Program Files (x86)\Illustrate
2015-02-23 02:23 - 2015-02-23 02:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-23 02:11 - 2015-02-23 02:23 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-23 02:11 - 2015-02-23 02:11 - 00001787 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes.lnk
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-23 02:11 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-02-22 01:33 - 2015-03-05 04:16 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\CodeBlocks
2015-02-21 00:07 - 2015-03-10 17:23 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Spotify
2015-02-21 00:07 - 2015-02-21 00:07 - 00001812 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-21 00:06 - 2015-03-10 17:31 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Spotify
2015-02-20 11:20 - 2015-02-20 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-02-19 16:30 - 2015-02-22 15:14 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-19 16:30 - 2015-02-22 15:14 - 00002065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-19 16:19 - 2015-02-19 16:19 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 21:34 - 2015-01-27 19:14 - 00007621 _____ () C:\Users\Achmed\AppData\Local\resmon.resmoncfg
2015-03-20 21:34 - 2015-01-27 18:47 - 01314544 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 21:21 - 2015-01-27 19:39 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Skype
2015-03-20 20:34 - 2011-04-12 08:43 - 00674286 _____ () C:\Windows\system32\perfh007.dat
2015-03-20 20:34 - 2011-04-12 08:43 - 00139426 _____ () C:\Windows\system32\perfc007.dat
2015-03-20 20:34 - 2009-07-14 06:13 - 01554882 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 20:33 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 20:33 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 20:30 - 2015-01-27 18:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 20:28 - 2015-01-29 16:54 - 00003752 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-20 20:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 20:25 - 2015-01-30 17:37 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\FileZilla
2015-03-20 20:25 - 2013-12-13 19:19 - 00000000 ____D () C:\Windows\Panther
2015-03-20 20:11 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed\AppData\Local\VirtualStore
2015-03-20 20:04 - 2009-07-14 03:34 - 00000215 ____N () C:\Windows\system.ini
2015-03-20 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-20 18:56 - 2015-01-27 19:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 04:19 - 2015-01-27 22:52 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Battle.net
2015-03-20 02:16 - 2015-01-27 22:05 - 00000000 ____D () C:\ProgramData\Origin
2015-03-20 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-20 00:16 - 2015-01-27 19:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 00:36 - 2015-01-27 19:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-13 20:41 - 2015-02-10 15:54 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 20:41 - 2015-02-10 15:54 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 20:41 - 2015-01-27 19:52 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 20:41 - 2015-01-27 19:52 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 17:16 - 2015-01-27 19:52 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 17:16 - 2015-01-27 19:52 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 13:40 - 2015-01-27 22:56 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 13:40 - 2015-01-27 22:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 13:40 - 2015-01-27 21:37 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Adobe
2015-03-12 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 01:58 - 2015-01-28 00:15 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-12 01:58 - 2015-01-28 00:15 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-11 14:10 - 2015-01-27 19:52 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-11 11:39 - 2009-07-14 05:45 - 05101264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 04:50 - 2013-12-13 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 04:47 - 2013-12-13 20:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 03:44 - 2015-01-28 00:14 - 00000000 ____D () C:\ProgramData\Steam
2015-03-06 20:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-06 12:37 - 2015-01-27 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 12:37 - 2015-01-27 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla
2015-03-05 17:27 - 2015-01-28 16:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-04 12:34 - 2015-01-27 20:48 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 12:34 - 2015-01-27 20:47 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 12:34 - 2015-01-27 20:47 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 22:09 - 2015-01-29 16:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-03 22:07 - 2015-01-29 16:40 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-03 22:06 - 2015-02-17 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-03-03 22:06 - 2015-02-17 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-03 21:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-03 21:45 - 2015-02-17 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-02 22:54 - 2015-01-28 01:50 - 00000000 ____D () C:\World of Warcraft
2015-03-02 20:43 - 2015-01-27 22:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 09:20 - 2015-01-27 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-26 09:20 - 2015-01-27 19:39 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 03:01 - 2015-02-01 01:54 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Mp3tag
2015-02-20 11:39 - 2015-01-27 20:05 - 00111912 _____ () C:\Users\Achmed\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 16:33 - 2015-02-05 13:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-19 16:30 - 2015-01-27 21:38 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-19 16:21 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed
2015-02-19 16:20 - 2015-01-27 21:38 - 00000000 ____D () C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2015-01-27 19:14 - 2015-03-20 21:34 - 0007621 _____ () C:\Users\Achmed\AppData\Local\resmon.resmoncfg
2015-01-27 19:31 - 2015-01-27 19:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Achmed\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 20:46

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Achmed at 2015-03-20 21:37:24
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EASEUS Partition Master 9.1.1 Professional (HKLM-x32\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-414628413-2699045466-946937149-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{76EE13CA-33D7-4DC4-B15C-FE0B2CD1E949}) (Version: 2.2.4.0 - Husdawg, LLC)
The Book of Unwritten Tales 2 Version 1.0.0 DISC (HKLM-x32\...\The Book of Unwritten Tales 2_is1) (Version: 1.0.0 DISC - Nordic Games GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-03-2015 20:10:07 ComboFix created restore point
20-03-2015 20:30:28 Entfernt Gigabyte Raid Configurer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-19 16:33 - 00001129 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 rad.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 ads1.msn.com
127.0.0.1 static.2mdn.net
127.0.0.1 g.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 b.ads2.msads.net
127.0.0.1 ac3.msn.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {041749C7-AE29-4952-AE9B-7693A8DE8B32} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {21A2B23C-C9DA-4C28-B592-EA501A87FC9B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4669F2F8-699C-4770-B38A-D5D2B833631A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E2939AA-BF35-4AA1-807C-FEAA9F212482} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () <==== ATTENTION
Task: {68956E24-59E7-4A9B-8FD4-005F998B6B2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {833E4F4B-304C-4C23-AFE4-9F75B129A1FB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-29] ()
Task: {844A6DAB-20C9-4E3C-A2C6-C0E621F485C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F5FE2AF2-87E4-4368-9762-748E404712E4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) ==============

2015-01-27 19:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 00:15 - 2015-02-03 11:28 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-28 12:33 - 2013-05-28 15:56 - 00151552 _____ () C:\Windows\system\3DG4me.exe
2015-01-28 12:33 - 2012-06-06 08:56 - 00143360 _____ () C:\Windows\system\3DG4me.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrueCryptSystemFavorites => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-414628413-2699045466-946937149-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-414628413-2699045466-946937149-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Achmed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Achmed (S-1-5-21-414628413-2699045466-946937149-1000 - Administrator - Enabled) => C:\Users\Achmed
Administrator (S-1-5-21-414628413-2699045466-946937149-500 - Administrator - Disabled)
Gast (S-1-5-21-414628413-2699045466-946937149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-414628413-2699045466-946937149-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 08:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 08:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:52:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/20/2015 07:52:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/20/2015 07:44:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:16:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 06:48:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 06:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 06:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/20/2015 08:57:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/20/2015 08:57:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/20/2015 08:57:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/20/2015 08:57:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/20/2015 08:57:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/20/2015 08:57:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/20/2015 08:28:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (03/20/2015 08:07:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (03/20/2015 08:04:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/20/2015 08:02:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (03/20/2015 08:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 08:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:52:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe

Error: (03/20/2015 07:52:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe

Error: (03/20/2015 07:44:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:16:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 06:48:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 06:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 06:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 17%
Total physical RAM: 16365.16 MB
Available physical RAM: 13571.54 MB
Total Pagefile: 16363.35 MB
Available Pagefile: 13261.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (100 GB Windows 7) (Fixed) (Total:100.51 GB) (Free:35.53 GB) NTFS
Drive d: (250 GB Docs) (Fixed) (Total:232.88 GB) (Free:124.71 GB) NTFS
Drive e: (250 GB Data) (Fixed) (Total:232.88 GB) (Free:85.61 GB) NTFS
Drive f: (1750 GB Data) (Fixed) (Total:1630.18 GB) (Free:94.83 GB) NTFS
Drive g: (250 GB Games) (Fixed) (Total:232.83 GB) (Free:21.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D6142743)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 76204D87)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 0E090C11)
Partition 1: (Not Active) - (Size=1630.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 20.03.2015, 21:55

Zukünftig bitte beachten:

Zitat:

Running from D:\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

CBAN3489 · 20.03.2015, 22:01

Ich merks mir für die Zukunft. Das sollte aber die aktuellen Logs nicht beeinträchtigt haben.

M-K-D-B · 20.03.2015, 22:06

Servus,

poste mir mal bitte alle noch vorhandenen Logdateien mit Funden!

Dann noch TDSS-Killer bitte:

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

CBAN3489 · 20.03.2015, 22:22

Ich habe keine weiteren Logs.

TDSSKiller

Code:

ATTFilter

22:20:57.0387 0x17f8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:21:11.0250 0x17f8  ============================================================
22:21:11.0250 0x17f8  Current date / time: 2015/03/20 22:21:11.0250
22:21:11.0250 0x17f8  SystemInfo:
22:21:11.0251 0x17f8  
22:21:11.0251 0x17f8  OS Version: 6.1.7601 ServicePack: 1.0
22:21:11.0251 0x17f8  Product type: Workstation
22:21:11.0251 0x17f8  ComputerName: INSANITY
22:21:11.0251 0x17f8  UserName: Achmed
22:21:11.0251 0x17f8  Windows directory: C:\Windows
22:21:11.0251 0x17f8  System windows directory: C:\Windows
22:21:11.0251 0x17f8  Running under WOW64
22:21:11.0251 0x17f8  Processor architecture: Intel x64
22:21:11.0251 0x17f8  Number of processors: 6
22:21:11.0251 0x17f8  Page size: 0x1000
22:21:11.0251 0x17f8  Boot type: Normal boot
22:21:11.0251 0x17f8  ============================================================
22:21:11.0316 0x17f8  KLMD registered as C:\Windows\system32\drivers\48200456.sys
22:21:11.0361 0x17f8  System UUID: {1CD48B70-ECED-2B53-A2E3-F9082A0AEB33}
22:21:11.0625 0x17f8  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:11.0645 0x17f8  Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 ( 232.88 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:11.0645 0x17f8  Drive \Device\Harddisk2\DR2 - Size: 0x3A38A25E00 ( 232.88 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:11.0646 0x17f8  Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:11.0663 0x17f8  ============================================================
22:21:11.0663 0x17f8  \Device\Harddisk0\DR0:
22:21:11.0663 0x17f8  MBR partitions:
22:21:11.0663 0x17f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:21:11.0663 0x17f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC906000
22:21:11.0663 0x17f8  \Device\Harddisk1\DR1:
22:21:11.0670 0x17f8  MBR partitions:
22:21:11.0670 0x17f8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:21:11.0670 0x17f8  \Device\Harddisk2\DR2:
22:21:11.0670 0x17f8  MBR partitions:
22:21:11.0670 0x17f8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:21:11.0670 0x17f8  \Device\Harddisk3\DR3:
22:21:11.0859 0x17f8  MBR partitions:
22:21:11.0859 0x17f8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCBC5E648
22:21:11.0859 0x17f8  \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0xCBC5E687, BlocksNum 0x1D1A8E3A
22:21:11.0859 0x17f8  ============================================================
22:21:11.0860 0x17f8  E: <-> \Device\Harddisk2\DR2\Partition1
22:21:11.0861 0x17f8  F: <-> \Device\Harddisk3\DR3\Partition1
22:21:11.0886 0x17f8  G: <-> \Device\Harddisk3\DR3\Partition2
22:21:11.0886 0x17f8  ============================================================
22:21:11.0886 0x17f8  Initialize success
22:21:11.0886 0x17f8  ============================================================
22:21:33.0662 0x1500  ============================================================
22:21:33.0662 0x1500  Scan started
22:21:33.0662 0x1500  Mode: Manual; SigCheck; TDLFS; 
22:21:33.0662 0x1500  ============================================================
22:21:33.0662 0x1500  KSN ping started
22:21:47.0119 0x1500  KSN ping finished: true
22:21:47.0159 0x1500  ================ Scan system memory ========================
22:21:47.0159 0x1500  System memory - ok
22:21:47.0159 0x1500  ================ Scan services =============================
22:21:47.0169 0x1500  1394ohci - ok
22:21:47.0171 0x1500  ACPI - ok
22:21:47.0172 0x1500  AcpiPmi - ok
22:21:47.0175 0x1500  AdobeARMservice - ok
22:21:47.0178 0x1500  adp94xx - ok
22:21:47.0181 0x1500  adpahci - ok
22:21:47.0183 0x1500  adpu320 - ok
22:21:47.0187 0x1500  AeLookupSvc - ok
22:21:47.0189 0x1500  AFD - ok
22:21:47.0192 0x1500  agp440 - ok
22:21:47.0194 0x1500  ALG - ok
22:21:47.0196 0x1500  aliide - ok
22:21:47.0199 0x1500  amdide - ok
22:21:47.0201 0x1500  AmdK8 - ok
22:21:47.0204 0x1500  AmdPPM - ok
22:21:47.0206 0x1500  amdsata - ok
22:21:47.0210 0x1500  amdsbs - ok
22:21:47.0213 0x1500  amdxata - ok
22:21:47.0216 0x1500  amd_sata - ok
22:21:47.0218 0x1500  amd_xata - ok
22:21:47.0221 0x1500  AntiVirSchedulerService - ok
22:21:47.0223 0x1500  AntiVirService - ok
22:21:47.0226 0x1500  AppID - ok
22:21:47.0229 0x1500  AppIDSvc - ok
22:21:47.0231 0x1500  Appinfo - ok
22:21:47.0234 0x1500  Apple Mobile Device Service - ok
22:21:47.0237 0x1500  AppMgmt - ok
22:21:47.0239 0x1500  arc - ok
22:21:47.0242 0x1500  arcsas - ok
22:21:47.0246 0x1500  aspnet_state - ok
22:21:47.0250 0x1500  AsyncMac - ok
22:21:47.0252 0x1500  atapi - ok
22:21:47.0255 0x1500  AudioEndpointBuilder - ok
22:21:47.0257 0x1500  AudioSrv - ok
22:21:47.0260 0x1500  avgntflt - ok
22:21:47.0262 0x1500  avipbb - ok
22:21:47.0265 0x1500  avkmgr - ok
22:21:47.0268 0x1500  AxInstSV - ok
22:21:47.0270 0x1500  b06bdrv - ok
22:21:47.0272 0x1500  b57nd60a - ok
22:21:47.0276 0x1500  BDESVC - ok
22:21:47.0279 0x1500  Beep - ok
22:21:47.0281 0x1500  BFE - ok
22:21:47.0283 0x1500  BITS - ok
22:21:47.0286 0x1500  blbdrive - ok
22:21:47.0290 0x1500  Bonjour Service - ok
22:21:47.0292 0x1500  bowser - ok
22:21:47.0295 0x1500  BrFiltLo - ok
22:21:47.0298 0x1500  BrFiltUp - ok
22:21:47.0301 0x1500  BridgeMP - ok
22:21:47.0304 0x1500  Browser - ok
22:21:47.0306 0x1500  Brserid - ok
22:21:47.0309 0x1500  BrSerWdm - ok
22:21:47.0312 0x1500  BrUsbMdm - ok
22:21:47.0314 0x1500  BrUsbSer - ok
22:21:47.0317 0x1500  BTHMODEM - ok
22:21:47.0321 0x1500  bthserv - ok
22:21:47.0325 0x1500  cdfs - ok
22:21:47.0327 0x1500  cdrom - ok
22:21:47.0330 0x1500  CertPropSvc - ok
22:21:47.0333 0x1500  circlass - ok
22:21:47.0335 0x1500  CLFS - ok
22:21:47.0337 0x1500  clr_optimization_v2.0.50727_32 - ok
22:21:47.0340 0x1500  clr_optimization_v2.0.50727_64 - ok
22:21:47.0343 0x1500  clr_optimization_v4.0.30319_32 - ok
22:21:47.0346 0x1500  clr_optimization_v4.0.30319_64 - ok
22:21:47.0348 0x1500  CmBatt - ok
22:21:47.0351 0x1500  cmdide - ok
22:21:47.0354 0x1500  CNG - ok
22:21:47.0356 0x1500  Compbatt - ok
22:21:47.0359 0x1500  CompositeBus - ok
22:21:47.0361 0x1500  COMSysApp - ok
22:21:47.0364 0x1500  crcdisk - ok
22:21:47.0369 0x1500  CryptSvc - ok
22:21:47.0371 0x1500  CSC - ok
22:21:47.0374 0x1500  CscService - ok
22:21:47.0377 0x1500  DcomLaunch - ok
22:21:47.0380 0x1500  defragsvc - ok
22:21:47.0383 0x1500  DfsC - ok
22:21:47.0386 0x1500  Dhcp - ok
22:21:47.0389 0x1500  discache - ok
22:21:47.0392 0x1500  Disk - ok
22:21:47.0395 0x1500  dmvsc - ok
22:21:47.0398 0x1500  Dnscache - ok
22:21:47.0401 0x1500  dot3svc - ok
22:21:47.0403 0x1500  DPS - ok
22:21:47.0406 0x1500  drmkaud - ok
22:21:47.0408 0x1500  DXGKrnl - ok
22:21:47.0410 0x1500  E1G60 - ok
22:21:47.0413 0x1500  EapHost - ok
22:21:47.0415 0x1500  ebdrv - ok
22:21:47.0421 0x1500  EFS - ok
22:21:47.0425 0x1500  ElbyCDIO - ok
22:21:47.0428 0x1500  elxstor - ok
22:21:47.0432 0x1500  epmntdrv - ok
22:21:47.0435 0x1500  ErrDev - ok
22:21:47.0439 0x1500  EtronHub3 - ok
22:21:47.0442 0x1500  EtronXHCI - ok
22:21:47.0445 0x1500  EuGdiDrv - ok
22:21:47.0449 0x1500  EventSystem - ok
22:21:47.0452 0x1500  exfat - ok
22:21:47.0455 0x1500  fastfat - ok
22:21:47.0458 0x1500  Fax - ok
22:21:47.0460 0x1500  fdc - ok
22:21:47.0463 0x1500  fdPHost - ok
22:21:47.0466 0x1500  FDResPub - ok
22:21:47.0469 0x1500  FileInfo - ok
22:21:47.0472 0x1500  Filetrace - ok
22:21:47.0475 0x1500  flpydisk - ok
22:21:47.0478 0x1500  FltMgr - ok
22:21:47.0481 0x1500  FontCache - ok
22:21:47.0484 0x1500  FontCache3.0.0.0 - ok
22:21:47.0486 0x1500  FsDepends - ok
22:21:47.0489 0x1500  Fs_Rec - ok
22:21:47.0491 0x1500  fvevol - ok
22:21:47.0494 0x1500  gagp30kx - ok
22:21:47.0498 0x1500  GEARAspiWDM - ok
22:21:47.0501 0x1500  GfExperienceService - ok
22:21:47.0503 0x1500  gpsvc - ok
22:21:47.0506 0x1500  hamachi - ok
22:21:47.0510 0x1500  Hamachi2Svc - ok
22:21:47.0512 0x1500  hcw85cir - ok
22:21:47.0515 0x1500  HdAudAddService - ok
22:21:47.0518 0x1500  HDAudBus - ok
22:21:47.0521 0x1500  HidBatt - ok
22:21:47.0523 0x1500  HidBth - ok
22:21:47.0526 0x1500  HidIr - ok
22:21:47.0528 0x1500  hidserv - ok
22:21:47.0531 0x1500  HidUsb - ok
22:21:47.0533 0x1500  hkmsvc - ok
22:21:47.0536 0x1500  HomeGroupListener - ok
22:21:47.0538 0x1500  HomeGroupProvider - ok
22:21:47.0542 0x1500  HpSAMD - ok
22:21:47.0544 0x1500  HTTP - ok
22:21:47.0547 0x1500  hwpolicy - ok
22:21:47.0550 0x1500  i8042prt - ok
22:21:47.0552 0x1500  iaStorV - ok
22:21:47.0554 0x1500  idsvc - ok
22:21:47.0557 0x1500  IEEtwCollectorService - ok
22:21:47.0559 0x1500  iirsp - ok
22:21:47.0562 0x1500  IKEEXT - ok
22:21:47.0566 0x1500  IntcAzAudAddService - ok
22:21:47.0569 0x1500  intelide - ok
22:21:47.0571 0x1500  intelppm - ok
22:21:47.0574 0x1500  IPBusEnum - ok
22:21:47.0576 0x1500  IpFilterDriver - ok
22:21:47.0579 0x1500  iphlpsvc - ok
22:21:47.0582 0x1500  IPMIDRV - ok
22:21:47.0584 0x1500  IPNAT - ok
22:21:47.0587 0x1500  iPod Service - ok
22:21:47.0589 0x1500  IRENUM - ok
22:21:47.0592 0x1500  isapnp - ok
22:21:47.0594 0x1500  iScsiPrt - ok
22:21:47.0596 0x1500  kbdclass - ok
22:21:47.0600 0x1500  kbdhid - ok
22:21:47.0602 0x1500  KeyIso - ok
22:21:47.0605 0x1500  KSecDD - ok
22:21:47.0607 0x1500  KSecPkg - ok
22:21:47.0610 0x1500  ksthunk - ok
22:21:47.0612 0x1500  KtmRm - ok
22:21:47.0615 0x1500  LanmanServer - ok
22:21:47.0617 0x1500  LanmanWorkstation - ok
22:21:47.0621 0x1500  lltdio - ok
22:21:47.0624 0x1500  lltdsvc - ok
22:21:47.0626 0x1500  lmhosts - ok
22:21:47.0630 0x1500  LSI_FC - ok
22:21:47.0633 0x1500  LSI_SAS - ok
22:21:47.0635 0x1500  LSI_SAS2 - ok
22:21:47.0637 0x1500  LSI_SCSI - ok
22:21:47.0640 0x1500  luafv - ok
22:21:47.0643 0x1500  MBAMProtector - ok
22:21:47.0646 0x1500  MBAMService - ok
22:21:47.0649 0x1500  MBAMWebAccessControl - ok
22:21:47.0652 0x1500  megasas - ok
22:21:47.0655 0x1500  MegaSR - ok
22:21:47.0657 0x1500  MMCSS - ok
22:21:47.0660 0x1500  Modem - ok
22:21:47.0663 0x1500  monitor - ok
22:21:47.0665 0x1500  mouclass - ok
22:21:47.0669 0x1500  mouhid - ok
22:21:47.0671 0x1500  mountmgr - ok
22:21:47.0674 0x1500  MozillaMaintenance - ok
22:21:47.0677 0x1500  mpio - ok
22:21:47.0680 0x1500  mpsdrv - ok
22:21:47.0682 0x1500  MpsSvc - ok
22:21:47.0684 0x1500  MRxDAV - ok
22:21:47.0687 0x1500  mrxsmb - ok
22:21:47.0689 0x1500  mrxsmb10 - ok
22:21:47.0692 0x1500  mrxsmb20 - ok
22:21:47.0694 0x1500  msahci - ok
22:21:47.0697 0x1500  msdsm - ok
22:21:47.0699 0x1500  MSDTC - ok
22:21:47.0704 0x1500  Msfs - ok
22:21:47.0706 0x1500  mshidkmdf - ok
22:21:47.0710 0x1500  msisadrv - ok
22:21:47.0712 0x1500  MSiSCSI - ok
22:21:47.0715 0x1500  msiserver - ok
22:21:47.0718 0x1500  MSKSSRV - ok
22:21:47.0720 0x1500  MSPCLOCK - ok
22:21:47.0723 0x1500  MSPQM - ok
22:21:47.0725 0x1500  MsRPC - ok
22:21:47.0728 0x1500  mssmbios - ok
22:21:47.0731 0x1500  MSTEE - ok
22:21:47.0734 0x1500  MTConfig - ok
22:21:47.0736 0x1500  Mup - ok
22:21:47.0738 0x1500  napagent - ok
22:21:47.0741 0x1500  NativeWifiP - ok
22:21:47.0743 0x1500  NDIS - ok
22:21:47.0746 0x1500  NdisCap - ok
22:21:47.0750 0x1500  NdisTapi - ok
22:21:47.0752 0x1500  Ndisuio - ok
22:21:47.0755 0x1500  NdisWan - ok
22:21:47.0757 0x1500  NDProxy - ok
22:21:47.0760 0x1500  NetBIOS - ok
22:21:47.0762 0x1500  NetBT - ok
22:21:47.0765 0x1500  Netlogon - ok
22:21:47.0767 0x1500  Netman - ok
22:21:47.0769 0x1500  NetMsmqActivator - ok
22:21:47.0772 0x1500  NetPipeActivator - ok
22:21:47.0775 0x1500  netprofm - ok
22:21:47.0777 0x1500  NetTcpActivator - ok
22:21:47.0780 0x1500  NetTcpPortSharing - ok
22:21:47.0782 0x1500  nfrd960 - ok
22:21:47.0785 0x1500  NlaSvc - ok
22:21:47.0788 0x1500  Npfs - ok
22:21:47.0790 0x1500  nsi - ok
22:21:47.0792 0x1500  nsiproxy - ok
22:21:47.0796 0x1500  Ntfs - ok
22:21:47.0798 0x1500  Null - ok
22:21:47.0802 0x1500  NVHDA - ok
22:21:47.0805 0x1500  nvlddmkm - ok
22:21:47.0808 0x1500  NvNetworkService - ok
22:21:47.0811 0x1500  nvraid - ok
22:21:47.0813 0x1500  nvstor - ok
22:21:47.0816 0x1500  NvStreamKms - ok
22:21:47.0818 0x1500  NvStreamSvc - ok
22:21:47.0821 0x1500  nvsvc - ok
22:21:47.0823 0x1500  nvvad_WaveExtensible - ok
22:21:47.0826 0x1500  nv_agp - ok
22:21:47.0830 0x1500  ohci1394 - ok
22:21:47.0869 0x1500  [ 4E2D0656946F2A19FED1C60E0E4FC1AF, 5551D5BD89EB650C5485BBB58DAA5473044B7C967B72687A27430FA9A1E812FE ] Origin Client Service G:\Origin\OriginClientService.exe
22:21:47.0935 0x1500  Origin Client Service - ok
22:21:47.0943 0x1500  ose64 - ok
22:21:47.0946 0x1500  osppsvc - ok
22:21:47.0948 0x1500  p2pimsvc - ok
22:21:47.0951 0x1500  p2psvc - ok
22:21:47.0954 0x1500  Parport - ok
22:21:47.0956 0x1500  partmgr - ok
22:21:47.0959 0x1500  PcaSvc - ok
22:21:47.0961 0x1500  pci - ok
22:21:47.0964 0x1500  pciide - ok
22:21:47.0966 0x1500  pcmcia - ok
22:21:47.0968 0x1500  pcw - ok
22:21:47.0971 0x1500  PEAUTH - ok
22:21:47.0973 0x1500  PeerDistSvc - ok
22:21:47.0977 0x1500  PerfHost - ok
22:21:47.0982 0x1500  pla - ok
22:21:47.0985 0x1500  PlugPlay - ok
22:21:47.0988 0x1500  PnkBstrA - ok
22:21:47.0991 0x1500  PNPMEM - ok
22:21:47.0997 0x1500  PNRPAutoReg - ok
22:21:47.0999 0x1500  PNRPsvc - ok
22:21:48.0001 0x1500  PolicyAgent - ok
22:21:48.0005 0x1500  Power - ok
22:21:48.0007 0x1500  PptpMiniport - ok
22:21:48.0010 0x1500  Processor - ok
22:21:48.0012 0x1500  ProfSvc - ok
22:21:48.0015 0x1500  ProtectedStorage - ok
22:21:48.0017 0x1500  Psched - ok
22:21:48.0019 0x1500  ql2300 - ok
22:21:48.0022 0x1500  ql40xx - ok
22:21:48.0024 0x1500  QWAVE - ok
22:21:48.0027 0x1500  QWAVEdrv - ok
22:21:48.0029 0x1500  RasAcd - ok
22:21:48.0032 0x1500  RasAgileVpn - ok
22:21:48.0036 0x1500  RasAuto - ok
22:21:48.0038 0x1500  Rasl2tp - ok
22:21:48.0041 0x1500  RasMan - ok
22:21:48.0043 0x1500  RasPppoe - ok
22:21:48.0046 0x1500  RasSstp - ok
22:21:48.0049 0x1500  rdbss - ok
22:21:48.0052 0x1500  rdpbus - ok
22:21:48.0055 0x1500  RDPCDD - ok
22:21:48.0058 0x1500  RDPDR - ok
22:21:48.0060 0x1500  RDPENCDD - ok
22:21:48.0065 0x1500  RDPREFMP - ok
22:21:48.0068 0x1500  RdpVideoMiniport - ok
22:21:48.0071 0x1500  RDPWD - ok
22:21:48.0073 0x1500  rdyboost - ok
22:21:48.0076 0x1500  RemoteAccess - ok
22:21:48.0078 0x1500  RemoteRegistry - ok
22:21:48.0081 0x1500  RpcEptMapper - ok
22:21:48.0083 0x1500  RpcLocator - ok
22:21:48.0086 0x1500  RpcSs - ok
22:21:48.0088 0x1500  rspndr - ok
22:21:48.0091 0x1500  RTL8167 - ok
22:21:48.0093 0x1500  s3cap - ok
22:21:48.0096 0x1500  SamSs - ok
22:21:48.0098 0x1500  sbp2port - ok
22:21:48.0101 0x1500  SCardSvr - ok
22:21:48.0103 0x1500  scfilter - ok
22:21:48.0105 0x1500  Schedule - ok
22:21:48.0108 0x1500  SCPolicySvc - ok
22:21:48.0110 0x1500  SDRSVC - ok
22:21:48.0113 0x1500  secdrv - ok
22:21:48.0119 0x1500  seclogon - ok
22:21:48.0122 0x1500  SENS - ok
22:21:48.0125 0x1500  SensrSvc - ok
22:21:48.0127 0x1500  Serenum - ok
22:21:48.0131 0x1500  Serial - ok
22:21:48.0132 0x1500  sermouse - ok
22:21:48.0138 0x1500  SessionEnv - ok
22:21:48.0141 0x1500  sffdisk - ok
22:21:48.0143 0x1500  sffp_mmc - ok
22:21:48.0147 0x1500  sffp_sd - ok
22:21:48.0149 0x1500  sfloppy - ok
22:21:48.0152 0x1500  SharedAccess - ok
22:21:48.0155 0x1500  ShellHWDetection - ok
22:21:48.0157 0x1500  SiSRaid2 - ok
22:21:48.0160 0x1500  SiSRaid4 - ok
22:21:48.0164 0x1500  SkypeUpdate - ok
22:21:48.0166 0x1500  Smb - ok
22:21:48.0171 0x1500  snikdf - ok
22:21:48.0174 0x1500  SNMPTRAP - ok
22:21:48.0176 0x1500  spldr - ok
22:21:48.0179 0x1500  Spooler - ok
22:21:48.0181 0x1500  sppsvc - ok
22:21:48.0183 0x1500  sppuinotify - ok
22:21:48.0186 0x1500  srv - ok
22:21:48.0188 0x1500  srv2 - ok
22:21:48.0191 0x1500  srvnet - ok
22:21:48.0193 0x1500  SSDPSRV - ok
22:21:48.0196 0x1500  SstpSvc - ok
22:21:48.0199 0x1500  Steam Client Service - ok
22:21:48.0201 0x1500  stexstor - ok
22:21:48.0204 0x1500  stisvc - ok
22:21:48.0207 0x1500  storflt - ok
22:21:48.0210 0x1500  storvsc - ok
22:21:48.0212 0x1500  swenum - ok
22:21:48.0216 0x1500  swprv - ok
22:21:48.0218 0x1500  Synth3dVsc - ok
22:21:48.0221 0x1500  SysMain - ok
22:21:48.0223 0x1500  TabletInputService - ok
22:21:48.0225 0x1500  TapiSrv - ok
22:21:48.0228 0x1500  TBS - ok
22:21:48.0230 0x1500  Tcpip - ok
22:21:48.0233 0x1500  TCPIP6 - ok
22:21:48.0236 0x1500  tcpipreg - ok
22:21:48.0240 0x1500  TDPIPE - ok
22:21:48.0242 0x1500  TDTCP - ok
22:21:48.0247 0x1500  tdx - ok
22:21:48.0249 0x1500  TermDD - ok
22:21:48.0251 0x1500  terminpt - ok
22:21:48.0254 0x1500  TermService - ok
22:21:48.0256 0x1500  Themes - ok
22:21:48.0259 0x1500  THREADORDER - ok
22:21:48.0261 0x1500  TrkWks - ok
22:21:48.0265 0x1500  truecrypt - ok
22:21:48.0269 0x1500  TrueCryptSystemFavorites - ok
22:21:48.0271 0x1500  TrustedInstaller - ok
22:21:48.0275 0x1500  tssecsrv - ok
22:21:48.0277 0x1500  TsUsbFlt - ok
22:21:48.0280 0x1500  TsUsbGD - ok
22:21:48.0282 0x1500  tsusbhub - ok
22:21:48.0286 0x1500  tunnel - ok
22:21:48.0288 0x1500  uagp35 - ok
22:21:48.0291 0x1500  udfs - ok
22:21:48.0296 0x1500  UI0Detect - ok
22:21:48.0299 0x1500  uliagpkx - ok
22:21:48.0301 0x1500  umbus - ok
22:21:48.0304 0x1500  UmPass - ok
22:21:48.0306 0x1500  UmRdpService - ok
22:21:48.0309 0x1500  upnphost - ok
22:21:48.0311 0x1500  USBAAPL64 - ok
22:21:48.0314 0x1500  USBADVAU - ok
22:21:48.0316 0x1500  usbaudio - ok
22:21:48.0319 0x1500  usbccgp - ok
22:21:48.0321 0x1500  usbcir - ok
22:21:48.0324 0x1500  usbehci - ok
22:21:48.0326 0x1500  usbfilter - ok
22:21:48.0329 0x1500  usbhub - ok
22:21:48.0332 0x1500  usbohci - ok
22:21:48.0335 0x1500  usbprint - ok
22:21:48.0337 0x1500  USBSTOR - ok
22:21:48.0340 0x1500  usbuhci - ok
22:21:48.0342 0x1500  UxSms - ok
22:21:48.0344 0x1500  VaultSvc - ok
22:21:48.0347 0x1500  VClone - ok
22:21:48.0349 0x1500  vdrvroot - ok
22:21:48.0352 0x1500  vds - ok
22:21:48.0354 0x1500  vga - ok
22:21:48.0357 0x1500  VgaSave - ok
22:21:48.0359 0x1500  VGPU - ok
22:21:48.0361 0x1500  vhdmp - ok
22:21:48.0365 0x1500  viaide - ok
22:21:48.0368 0x1500  vmbus - ok
22:21:48.0370 0x1500  VMBusHID - ok
22:21:48.0373 0x1500  volmgr - ok
22:21:48.0379 0x1500  volmgrx - ok
22:21:48.0381 0x1500  volsnap - ok
22:21:48.0384 0x1500  vsmraid - ok
22:21:48.0387 0x1500  VSS - ok
22:21:48.0389 0x1500  vwifibus - ok
22:21:48.0392 0x1500  W32Time - ok
22:21:48.0395 0x1500  WacomPen - ok
22:21:48.0398 0x1500  WANARP - ok
22:21:48.0400 0x1500  Wanarpv6 - ok
22:21:48.0402 0x1500  wbengine - ok
22:21:48.0405 0x1500  WbioSrvc - ok
22:21:48.0407 0x1500  wcncsvc - ok
22:21:48.0410 0x1500  WcsPlugInService - ok
22:21:48.0412 0x1500  Wd - ok
22:21:48.0416 0x1500  Wdf01000 - ok
22:21:48.0419 0x1500  WdiServiceHost - ok
22:21:48.0421 0x1500  WdiSystemHost - ok
22:21:48.0424 0x1500  WebClient - ok
22:21:48.0426 0x1500  Wecsvc - ok
22:21:48.0429 0x1500  wercplsupport - ok
22:21:48.0432 0x1500  WerSvc - ok
22:21:48.0434 0x1500  WfpLwf - ok
22:21:48.0437 0x1500  WIMMount - ok
22:21:48.0439 0x1500  WinDefend - ok
22:21:48.0444 0x1500  WinHttpAutoProxySvc - ok
22:21:48.0447 0x1500  Winmgmt - ok
22:21:48.0449 0x1500  WinRM - ok
22:21:48.0454 0x1500  WinUsb - ok
22:21:48.0458 0x1500  Wlansvc - ok
22:21:48.0461 0x1500  WmiAcpi - ok
22:21:48.0465 0x1500  wmiApSrv - ok
22:21:48.0468 0x1500  WPCSvc - ok
22:21:48.0470 0x1500  WPDBusEnum - ok
22:21:48.0473 0x1500  ws2ifsl - ok
22:21:48.0475 0x1500  wscsvc - ok
22:21:48.0479 0x1500  wuauserv - ok
22:21:48.0482 0x1500  WudfPf - ok
22:21:48.0484 0x1500  WUDFRd - ok
22:21:48.0487 0x1500  wudfsvc - ok
22:21:48.0490 0x1500  WwanSvc - ok
22:21:48.0494 0x1500  xusb21 - ok
22:21:48.0499 0x1500  ================ Scan global ===============================
22:21:48.0500 0x1500  [ Global ] - ok
22:21:48.0501 0x1500  ================ Scan MBR ==================================
22:21:48.0502 0x1500  [ 7B171CBADA4EBC1052AB665E82AC3E8A ] \Device\Harddisk0\DR0
22:21:48.0724 0x1500  \Device\Harddisk0\DR0 - ok
22:21:48.0731 0x1500  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:21:48.0776 0x1500  \Device\Harddisk1\DR1 - ok
22:21:48.0778 0x1500  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
22:21:48.0812 0x1500  \Device\Harddisk2\DR2 - ok
22:21:48.0814 0x1500  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
22:21:48.0845 0x1500  \Device\Harddisk3\DR3 - ok
22:21:48.0846 0x1500  ================ Scan VBR ==================================
22:21:48.0847 0x1500  [ 3A8C71080B478B2E48E788474ED0B346 ] \Device\Harddisk0\DR0\Partition1
22:21:48.0848 0x1500  \Device\Harddisk0\DR0\Partition1 - ok
22:21:48.0850 0x1500  [ 5212D6FAD0EFBC8C2DB378012E4BA302 ] \Device\Harddisk0\DR0\Partition2
22:21:48.0850 0x1500  \Device\Harddisk0\DR0\Partition2 - ok
22:21:48.0852 0x1500  [ A7284A3F5EB099465236CE59D2D0E23E ] \Device\Harddisk1\DR1\Partition1
22:21:48.0852 0x1500  \Device\Harddisk1\DR1\Partition1 - ok
22:21:48.0855 0x1500  [ 5C4F1A6AA574365B575F4B74EDF4E21B ] \Device\Harddisk2\DR2\Partition1
22:21:48.0856 0x1500  \Device\Harddisk2\DR2\Partition1 - ok
22:21:48.0857 0x1500  [ 5ADE14069157BA82A0A5834D3D5A6571 ] \Device\Harddisk3\DR3\Partition1
22:21:48.0859 0x1500  \Device\Harddisk3\DR3\Partition1 - ok
22:21:48.0860 0x1500  [ 181BB994B1B54C75911A0D4318000F41 ] \Device\Harddisk3\DR3\Partition2
22:21:48.0861 0x1500  \Device\Harddisk3\DR3\Partition2 - ok
22:21:48.0862 0x1500  ================ Scan generic autorun ======================
22:21:48.0862 0x1500  RtHDVCpl - ok
22:21:48.0863 0x1500  RtHDVBg_Dolby - ok
22:21:48.0864 0x1500  3DG4me - ok
22:21:48.0865 0x1500  NvBackend - ok
22:21:48.0866 0x1500  ShadowPlay - ok
22:21:48.0867 0x1500  XboxStat - ok
22:21:48.0868 0x1500  Dolby Home Theater v4 - ok
22:21:48.0870 0x1500  VirtualCloneDrive - ok
22:21:48.0871 0x1500  avgnt - ok
22:21:48.0872 0x1500   Malwarebytes Anti-Malware  (cleanup) - ok
22:21:48.0873 0x1500  TrueCrypt - ok
22:21:48.0875 0x1500  Waiting for KSN requests completion. In queue: 1
22:21:49.0875 0x1500  Waiting for KSN requests completion. In queue: 1
22:21:50.0875 0x1500  Waiting for KSN requests completion. In queue: 1
22:21:51.0875 0x1500  Waiting for KSN requests completion. In queue: 1
22:21:52.0875 0x1500  Waiting for KSN requests completion. In queue: 1
22:21:53.0875 0x1500  Waiting for KSN requests completion. In queue: 1
22:21:54.0886 0x1500  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated )
22:21:54.0889 0x1500  Win FW state via NFP2: enabled
22:21:57.0324 0x1500  ============================================================
22:21:57.0324 0x1500  Scan finished
22:21:57.0324 0x1500  ============================================================
22:21:57.0330 0x0cd4  Detected object count: 0
22:21:57.0330 0x0cd4  Actual detected object count: 0

M-K-D-B · 20.03.2015, 22:24

Servus,

ok, wir starten mit ComboFix:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

CBAN3489 · 20.03.2015, 22:36

Code:

ATTFilter

ComboFix 15-03-14.03 - Achmed 20.03.2015  22:30:02.2.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16365.13763 [GMT 1:00]
ausgeführt von:: d:\eigene dateien\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-20 bis 2015-03-20  ))))))))))))))))))))))))))))))
.
.
2015-03-20 21:32 . 2015-03-20 21:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-20 18:30 . 2015-03-20 18:30	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-20 17:34 . 2015-03-20 18:41	--------	d-----w-	c:\program files\Unlocker
2015-03-16 16:44 . 2015-03-20 19:25	--------	d-----w-	c:\users\Achmed\AppData\Roaming\TeamViewer
2015-03-13 19:23 . 2015-03-20 19:25	--------	d-----w-	c:\users\Achmed\AppData\Local\CrashDumps
2015-03-06 23:50 . 2015-03-06 23:50	--------	d-----we	c:\users\Achmed\AppData\Roaming\.minecraft
2015-03-06 11:51 . 2015-03-06 11:51	--------	d-----w-	c:\users\Achmed\AppData\Local\LogMeIn
2015-03-06 11:51 . 2015-03-06 11:51	--------	d-----w-	c:\programdata\LogMeIn
2015-03-06 11:51 . 2015-03-20 21:32	--------	d-----w-	c:\users\Achmed\AppData\Local\LogMeIn Hamachi
2015-03-06 11:44 . 2015-03-06 11:44	--------	d-----w-	c:\users\Achmed\AppData\Local\Steam
2015-03-05 16:42 . 2015-03-20 17:25	--------	d-----w-	c:\users\Achmed\AppData\Roaming\vlc
2015-03-03 16:20 . 2015-03-05 16:42	--------	d-----w-	c:\program files\VideoLAN
2015-03-02 19:47 . 2015-03-02 19:47	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2015-02-28 19:54 . 2015-02-28 19:54	--------	d-----w-	c:\program files\Microsoft Xbox 360 Accessories
2015-02-27 19:43 . 2015-02-27 19:43	--------	d-----w-	c:\users\Achmed\AppData\Local\BANDAI NAMCO Games
2015-02-23 22:55 . 2015-02-23 22:55	--------	d-sh--w-	c:\users\Achmed\AppData\Local\EmieUserList
2015-02-23 22:55 . 2015-02-23 22:55	--------	d-sh--w-	c:\users\Achmed\AppData\Local\EmieSiteList
2015-02-23 22:55 . 2015-02-23 22:55	--------	d-sh--w-	c:\users\Achmed\AppData\Local\EmieBrowserModeList
2015-02-23 02:02 . 2015-02-23 02:02	--------	d-----w-	c:\users\Achmed\AppData\Roaming\AccurateRip
2015-02-23 02:02 . 2015-02-23 02:02	4022504	----a-w-	c:\windows\SysWow64\SpoonUninstall.exe
2015-02-23 02:02 . 2015-02-23 02:02	--------	d-----w-	c:\program files (x86)\Illustrate
2015-02-22 00:33 . 2015-03-05 03:16	--------	d-----w-	c:\users\Achmed\AppData\Roaming\CodeBlocks
2015-02-20 23:07 . 2015-03-10 16:23	--------	d-----w-	c:\users\Achmed\AppData\Local\Spotify
2015-02-20 23:06 . 2015-03-10 16:31	--------	d-----w-	c:\users\Achmed\AppData\Roaming\Spotify
2015-02-19 15:19 . 2015-02-19 15:19	--------	d-----w-	c:\windows\system32\appmgmt
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-20 19:39 . 2015-03-20 19:39	98	----a-w-	c:\windows\Fonts\tmrkxjft
2015-03-13 19:41 . 2015-02-10 14:54	14121624	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-03-13 19:41 . 2015-02-10 14:54	3303448	----a-w-	c:\windows\system32\nvapi64.dll
2015-03-13 19:41 . 2015-01-27 18:52	73872	----a-w-	c:\windows\system32\OpenCL.dll
2015-03-13 19:41 . 2015-01-27 18:52	60560	----a-w-	c:\windows\SysWow64\OpenCL.dll
2015-03-13 19:41 . 2015-01-27 18:51	18580512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2015-03-13 19:41 . 2015-01-27 18:51	16022016	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2015-03-13 16:16 . 2015-01-27 18:52	6861968	----a-w-	c:\windows\system32\nvcpl.dll
2015-03-13 16:16 . 2015-01-27 18:52	3526856	----a-w-	c:\windows\system32\nvsvc64.dll
2015-03-13 16:16 . 2015-01-27 18:52	935056	----a-w-	c:\windows\system32\nvvsvc.exe
2015-03-13 16:16 . 2015-01-27 18:52	62608	----a-w-	c:\windows\system32\nvshext.dll
2015-03-13 16:16 . 2015-01-27 18:52	386248	----a-w-	c:\windows\system32\nvmctray.dll
2015-03-13 16:16 . 2015-01-27 18:52	2559808	----a-w-	c:\windows\system32\nvsvcr.dll
2015-03-13 12:40 . 2015-01-27 21:56	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-13 12:40 . 2015-01-27 21:56	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 00:58 . 2015-01-27 23:15	226680	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-03-12 00:58 . 2015-01-27 23:15	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-03-11 13:10 . 2015-01-27 18:52	4246327	----a-w-	c:\windows\system32\nvcoproc.bin
2015-03-11 03:47 . 2013-12-13 19:00	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-04 11:34 . 2015-01-27 19:48	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-03-04 11:34 . 2015-01-27 19:47	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-03-04 11:34 . 2015-01-27 19:47	128536	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-03-03 20:45 . 2015-02-17 16:15	1141536	----a-w-	c:\programdata\Microsoft\WDExpress\12.0\1031\ResourceCache.dll
2015-02-16 15:20 . 2015-02-16 15:20	33856	---ha-w-	c:\windows\system32\drivers\hamachi.sys
2015-02-05 21:01 . 2015-02-10 14:55	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-02-05 21:01 . 2015-02-10 14:55	1514528	----a-w-	c:\windows\system32\nvspcap64.dll
2015-02-05 21:01 . 2015-02-10 14:55	1316184	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-02-05 21:01 . 2015-02-10 14:55	1278920	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-02-05 21:01 . 2015-02-10 14:54	1895240	----a-w-	c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-10 14:54	1557648	----a-w-	c:\windows\system32\nvdispgenco6434752.dll
2015-02-03 10:28 . 2015-01-27 23:15	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2015-01-28 11:59 . 2015-01-28 11:59	76152	----a-w-	c:\windows\system32\PnkBstrA.exe
2015-01-27 17:49 . 2015-01-27 19:39	1516496	----a-w-	c:\windows\SysWow64\TrueCrypt.exe
2015-01-27 17:49 . 2015-01-27 17:49	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2015-01-10 08:07 . 2015-01-27 18:51	1895240	----a-w-	c:\windows\system32\nvdispco6434725.dll
2015-01-10 08:07 . 2015-01-27 18:51	1556808	----a-w-	c:\windows\system32\nvdispgenco6434725.dll
2015-01-09 03:14 . 2015-02-11 11:43	91136	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 11:43	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 11:43	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 11:43	76800	----a-w-	c:\windows\SysWow64\wdi.dll
2015-01-08 08:55 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 10:45	1730256	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 10:45	1730256	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 10:45	1730256	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2015-01-27 1516496]
"uTorrent"="d:\eigene dateien\uTorrent\uTorrent.exe" [2011-07-23 328056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-19 704512]
"LogMeIn Hamachi Ui"="d:\hamachi\hamachi-2-ui.exe" [2015-02-17 3978600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" [2015-03-17 54072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi\hamachi-2.exe;d:\hamachi\hamachi-2.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 02662447
*NewlyCreated* - 82588207
*Deregistered* - 02662447
*Deregistered* - 82588207
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-13 13662936]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-12-13 1368792]
"3DG4me"="c:\windows\System\3DG4me.exe" [2013-05-28 151552]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-05 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-02-05 1514528]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.Gigabyte.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-20  22:34:07
ComboFix-quarantined-files.txt  2015-03-20 21:34
.
Vor Suchlauf: 12 Verzeichnis(se), 37.849.993.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 37.415.243.776 Bytes frei
.
- - End Of File - - EA055A80E749D3EC848A5B9A657AB118
7B171CBADA4EBC1052AB665E82AC3E8A

M-K-D-B · 20.03.2015, 22:44

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

CBAN3489 · 20.03.2015, 23:08

Eine der Prozesse hier hat mir meine hosts Datei zerlegt. Das finde ich nicht sehr prickelnd. Vor sowas sollte man dann warnen, damit man sich eine Sicherung anlegen kann. FYI

Hier die Logs:

Code:

ATTFilter

# AdwCleaner v4.112 - Bericht erstellt 20/03/2015 um 22:50:39
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Achmed - INSANITY
# Gestarted von : D:\Downloads\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [886 Bytes] - [20/03/2015 22:49:37]
AdwCleaner[S0].txt - [809 Bytes] - [20/03/2015 22:50:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [867  Bytes] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.03.2015
Suchlauf-Zeit: 22:53:07
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.20.07
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Achmed

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363621
Verstrichene Zeit: 4 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
Trojan.Agent.Gen, C:\Windows\temp\svchost.exe, In Quarantäne, [93346fd8e6a4310508b0c823f4107b85], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Ultimate x64
Ran by Achmed on 20.03.2015 at 23:01:49,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.03.2015 at 23:03:34,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Achmed (administrator) on INSANITY on 20-03-2015 23:04:06
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: Achmed (Available profiles: Achmed)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-414628413-2699045466-946937149-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-414628413-2699045466-946937149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Gigabyte.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-08-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\battlenet.xml [2015-03-14]
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\leo-eng-deu-v20.xml [2015-03-06]
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\minecraft-wiki-en.xml [2015-02-18]
FF Extension: Video Downloader professional - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-03-11]
FF Extension: NoScript - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-27]
FF Extension: Adblock Plus - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\Firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 Origin Client Service; G:\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
S2 TrueCryptSystemFavorites; C:\Windows\SysWOW64\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 22:49 - 2015-03-20 22:50 - 00000000 ____D () C:\AdwCleaner
2015-03-20 22:34 - 2015-03-20 22:34 - 00013321 _____ () C:\ComboFix.txt
2015-03-20 22:26 - 2015-03-20 22:34 - 00000000 ____D () C:\Qoobox
2015-03-20 22:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-20 22:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-20 22:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-20 22:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-20 22:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-20 22:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-20 22:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-20 22:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-20 21:36 - 2015-03-20 23:04 - 00000000 ____D () C:\FRST
2015-03-20 20:33 - 2015-03-20 22:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 ____D () C:\ Malwarebytes Anti-Malware 
2015-03-20 20:33 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-20 20:33 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-20 20:33 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-20 20:28 - 2015-03-20 22:58 - 00004070 _____ () C:\Windows\PFRO.log
2015-03-20 20:28 - 2015-03-20 22:58 - 00000672 _____ () C:\Windows\setupact.log
2015-03-20 20:28 - 2015-03-20 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-20 20:00 - 2015-03-20 22:26 - 00000000 ____D () C:\Windows\erdnt
2015-03-20 19:30 - 2015-03-20 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 18:34 - 2015-03-20 19:41 - 00000000 ____D () C:\Program Files\Unlocker
2015-03-20 18:34 - 2015-03-20 18:34 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-03-20 02:16 - 2015-03-20 02:16 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2015-03-20 00:16 - 2015-03-20 00:16 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-18 00:35 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:35 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-16 17:44 - 2015-03-20 20:25 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\TeamViewer
2015-03-13 20:23 - 2015-03-20 20:25 - 00000000 ____D () C:\Users\Achmed\AppData\Local\CrashDumps
2015-03-11 04:52 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-11 04:52 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-11 04:46 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 04:46 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 04:46 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 04:46 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 04:46 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 04:46 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 04:46 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 04:46 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 04:46 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 04:46 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 04:46 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 04:46 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 04:46 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 04:46 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 04:46 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 04:46 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 04:46 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 04:46 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 04:46 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 04:46 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 04:46 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 04:46 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 04:46 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 04:46 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 04:46 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 04:46 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 04:46 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 04:46 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 04:46 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 04:46 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 04:46 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 04:46 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 04:46 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 04:46 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 04:46 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 04:46 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 04:46 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 04:46 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 04:46 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 04:46 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 04:46 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 04:46 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 04:46 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 04:46 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 04:46 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 04:46 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 04:46 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 04:46 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 04:46 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 04:46 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 04:46 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 04:46 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 04:46 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 04:46 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 04:46 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 04:46 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 04:46 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 04:46 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 04:46 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 04:46 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 04:46 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 04:46 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 04:46 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 04:46 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 04:46 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 04:46 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 04:46 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 04:46 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 04:46 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 04:46 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 04:46 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 04:46 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 04:46 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 04:46 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 04:46 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 04:46 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 04:46 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 04:46 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 04:46 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 04:46 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 04:46 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 04:46 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 04:46 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 04:46 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 04:46 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 04:46 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 04:46 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 04:46 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 04:46 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 04:46 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 04:46 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 04:46 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 04:46 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 04:46 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 04:46 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 04:46 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 04:46 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 04:46 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 04:46 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 04:46 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 04:46 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ___DL () C:\Users\Achmed\AppData\Roaming\.minecraft
2015-03-06 20:20 - 2015-03-06 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland
2015-03-06 20:18 - 2015-03-06 20:18 - 00001083 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client.lnk
2015-03-06 13:05 - 2015-03-06 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-06 12:51 - 2015-03-20 22:59 - 00000000 ____D () C:\Users\Achmed\AppData\Local\LogMeIn Hamachi
2015-03-06 12:51 - 2015-03-06 12:51 - 00000000 ____D () C:\Users\Achmed\AppData\Local\LogMeIn
2015-03-06 12:51 - 2015-03-06 12:51 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-03-06 12:44 - 2015-03-06 12:44 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Steam
2015-03-05 17:42 - 2015-03-20 22:46 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\vlc
2015-03-05 17:42 - 2015-03-05 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-03 17:20 - 2015-03-05 17:42 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-02 20:47 - 2015-03-02 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-02-27 20:43 - 2015-02-27 20:43 - 00000000 ____D () C:\Users\Achmed\AppData\Local\BANDAI NAMCO Games
2015-02-27 20:30 - 2015-03-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonball Xenoverse
2015-02-24 11:06 - 2015-02-24 11:06 - 00001437 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieUserList
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieSiteList
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieBrowserModeList
2015-02-23 03:02 - 2015-02-23 03:02 - 04022504 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe
2015-02-23 03:02 - 2015-02-23 03:02 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.bmp
2015-02-23 03:02 - 2015-02-23 03:02 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2015-02-23 03:02 - 2015-02-23 03:02 - 00017950 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.dat
2015-02-23 03:02 - 2015-02-23 03:02 - 00013082 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.dat
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\AccurateRip
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\Program Files (x86)\Illustrate
2015-02-23 02:23 - 2015-02-23 02:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-23 02:11 - 2015-02-23 02:23 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-23 02:11 - 2015-02-23 02:11 - 00001787 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes.lnk
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-23 02:11 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-02-22 01:33 - 2015-03-05 04:16 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\CodeBlocks
2015-02-21 00:07 - 2015-03-10 17:23 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Spotify
2015-02-21 00:07 - 2015-02-21 00:07 - 00001812 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-21 00:06 - 2015-03-10 17:31 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Spotify
2015-02-19 16:30 - 2015-02-22 15:14 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-19 16:30 - 2015-02-22 15:14 - 00002065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-19 16:19 - 2015-02-19 16:19 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 23:04 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 23:04 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 23:02 - 2015-01-27 18:47 - 01340404 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 22:59 - 2015-01-29 16:54 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-20 22:58 - 2015-01-29 16:39 - 00000000 ____D () C:\Windows\SHELLNEW
2015-03-20 22:58 - 2011-04-12 08:43 - 00659744 _____ () C:\Windows\system32\perfh007.dat
2015-03-20 22:58 - 2011-04-12 08:43 - 00134908 _____ () C:\Windows\system32\perfc007.dat
2015-03-20 22:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 22:48 - 2015-01-27 19:39 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Skype
2015-03-20 22:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-20 21:34 - 2015-01-27 19:14 - 00007621 _____ () C:\Users\Achmed\AppData\Local\resmon.resmoncfg
2015-03-20 20:34 - 2009-07-14 06:13 - 01554882 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 20:30 - 2015-01-27 18:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 20:25 - 2015-01-30 17:37 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\FileZilla
2015-03-20 20:25 - 2013-12-13 19:19 - 00000000 ____D () C:\Windows\Panther
2015-03-20 20:11 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed\AppData\Local\VirtualStore
2015-03-20 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-20 18:56 - 2015-01-27 19:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 04:19 - 2015-01-27 22:52 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Battle.net
2015-03-20 02:16 - 2015-01-27 22:05 - 00000000 ___HD () C:\ProgramData\Origin
2015-03-20 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-20 00:16 - 2015-01-27 19:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 00:36 - 2015-01-27 19:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-13 20:41 - 2015-02-10 15:54 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 20:41 - 2015-02-10 15:54 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 20:41 - 2015-01-27 19:52 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 20:41 - 2015-01-27 19:52 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 17:16 - 2015-01-27 19:52 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 17:16 - 2015-01-27 19:52 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 13:40 - 2015-01-27 22:56 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 13:40 - 2015-01-27 22:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 13:40 - 2015-01-27 21:37 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Adobe
2015-03-12 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 01:58 - 2015-01-28 00:15 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-12 01:58 - 2015-01-28 00:15 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-11 14:10 - 2015-01-27 19:52 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-11 11:39 - 2009-07-14 05:45 - 05101264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 04:50 - 2013-12-13 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 04:47 - 2013-12-13 20:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 03:44 - 2015-01-28 00:14 - 00000000 ____D () C:\ProgramData\Steam
2015-03-06 20:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-06 12:37 - 2015-01-27 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 12:37 - 2015-01-27 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla
2015-03-05 17:27 - 2015-01-28 16:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-04 12:34 - 2015-01-27 20:48 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 12:34 - 2015-01-27 20:47 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 12:34 - 2015-01-27 20:47 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 22:09 - 2015-01-29 16:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-03 22:07 - 2015-01-29 16:40 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-03 22:06 - 2015-02-17 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-03-03 22:06 - 2015-02-17 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-03 21:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-03 21:45 - 2015-02-17 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-02 22:54 - 2015-01-28 01:50 - 00000000 ____D () C:\World of Warcraft
2015-03-02 20:43 - 2015-01-27 22:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 09:20 - 2015-01-27 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-26 09:20 - 2015-01-27 19:39 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 03:01 - 2015-02-01 01:54 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Mp3tag
2015-02-20 11:39 - 2015-01-27 20:05 - 00111912 _____ () C:\Users\Achmed\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 16:33 - 2015-02-05 13:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-19 16:30 - 2015-01-27 21:38 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-19 16:21 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed
2015-02-19 16:20 - 2015-01-27 21:38 - 00000000 ____D () C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2015-01-27 19:14 - 2015-03-20 21:34 - 0007621 _____ () C:\Users\Achmed\AppData\Local\resmon.resmoncfg
2015-01-27 19:31 - 2015-01-27 19:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Achmed\AppData\Local\Temp\avgnt.exe
C:\Users\Achmed\AppData\Local\Temp\Quarantine.exe
C:\Users\Achmed\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 20:46

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Achmed at 2015-03-20 23:04:25
Running from D:\Eigene Dateien\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EASEUS Partition Master 9.1.1 Professional (HKLM-x32\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-414628413-2699045466-946937149-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{76EE13CA-33D7-4DC4-B15C-FE0B2CD1E949}) (Version: 2.2.4.0 - Husdawg, LLC)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-03-2015 20:10:07 ComboFix created restore point
20-03-2015 20:30:28 Entfernt Gigabyte Raid Configurer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-20 22:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {041749C7-AE29-4952-AE9B-7693A8DE8B32} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1EE4A513-5C6E-46EA-8A28-956F26FDFA48} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-29] ()
Task: {21A2B23C-C9DA-4C28-B592-EA501A87FC9B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4669F2F8-699C-4770-B38A-D5D2B833631A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E2939AA-BF35-4AA1-807C-FEAA9F212482} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () <==== ATTENTION
Task: {68956E24-59E7-4A9B-8FD4-005F998B6B2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {844A6DAB-20C9-4E3C-A2C6-C0E621F485C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F5FE2AF2-87E4-4368-9762-748E404712E4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) ==============

2015-01-27 19:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 00:15 - 2015-02-03 11:28 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-02 15:43 - 2015-03-02 15:43 - 00099288 _____ () D:\Eigene Dateien\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrueCryptSystemFavorites => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-414628413-2699045466-946937149-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Achmed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Achmed (S-1-5-21-414628413-2699045466-946937149-1000 - Administrator - Enabled) => C:\Users\Achmed
Administrator (S-1-5-21-414628413-2699045466-946937149-500 - Administrator - Disabled)
Gast (S-1-5-21-414628413-2699045466-946937149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-414628413-2699045466-946937149-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 18%
Total physical RAM: 16365.16 MB
Available physical RAM: 13366.48 MB
Total Pagefile: 16363.35 MB
Available Pagefile: 13291.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (100 GB Windows 7) (Fixed) (Total:100.51 GB) (Free:34.99 GB) NTFS
Drive d: (250 GB Docs) (Fixed) (Total:232.88 GB) (Free:124.7 GB) NTFS
Drive e: (250 GB Data) (Fixed) (Total:232.88 GB) (Free:85.61 GB) NTFS
Drive f: (1750 GB Data) (Fixed) (Total:1630.18 GB) (Free:94.83 GB) NTFS
Drive g: (250 GB Games) (Fixed) (Total:232.83 GB) (Free:32.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D6142743)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 76204D87)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 0E090C11)
Partition 1: (Not Active) - (Size=1630.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 20.03.2015, 23:18

Zitat:

Zitat von CBAN3489

Eine der Prozesse hier hat mir meine hosts Datei zerlegt. Das finde ich nicht sehr prickelnd. Vor sowas sollte man dann warnen, damit man sich eine Sicherung anlegen kann. FYI

Wozu waren diese Einträge gut?

Zitat:

127.0.0.1 rad.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 ads1.msn.com
127.0.0.1 static.2mdn.net
127.0.0.1 g.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 b.ads2.msads.net
127.0.0.1 ac3.msn.com

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

CBAN3489 · 21.03.2015, 00:35

Die Einträge dienten dafür, einen Bug im Programm "Skype" zu umgehen. Wenn man in ein Chatfenster tabbte, verlor sich der Fokus vom Textfeld in das Werbefeld.
Die Enträge blockierten die Werbung, also konnte darauf nicht mehr fokusiert werden und man konnte ohne entnervendes Klicken in die Konversationen tabben.

Nach jedem Neustart werden die Dateien erneut geladen und tun ihre Arbeit, bis ich den Prozess beende. Also bisher keine Besserung.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.20.07
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Achmed :: INSANITY [administrator]

20.03.2015 23:22:55
mbar-log-2015-03-20 (23-22-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 364762
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [d0f782c5e9a1ec4af8c0c427e91b10f0]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Ich habe hier nachträglich noch ein LOG vom Miner selbst. Ich bezweifel, dass daraus viel zu machen ist, aber es zeigt, womit man es zu tun hat. Mit einem CPU Miner, der sich zu einem pool verbindet.

Code:

ATTFilter

00:15:29:445	114c	
00:15:29:445	114c	ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
00:15:29:445	114c	º            Claymore CryptoNote CPU Miner  v3.4 Beta            º
00:15:29:445	114c	ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ¼
00:15:29:648	114c	64-bit version
00:15:29:648	114c	CPU supports AES-NI - faster mining!
00:15:29:648	114c	Logical CPU cores: 6
00:15:29:648	114c	Number of threads: Autoselection...
00:15:29:648	114c	Using 5 threads
00:15:29:648	114c	scfg: 1
00:15:29:648	114c	1 pool specified.
00:15:29:648	114c	Press "m" key for tune mode.
00:15:29:664	124c	Stratum - connecting to 'pool.cryptmonero.com' <46.165.232.77> port 1001
00:15:29:664	1240	Stratum - connecting to 'pool.cryptmonero.com' <46.165.232.77> port 1001
00:15:29:679	124c	Stratum - Connected
00:15:29:679	1240	Stratum - Connected
00:15:29:710	124c	got 303 bytes
00:15:29:710	124c	buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"594639034010469","job":{"blob":"0100bdd5b2a80581a86dc73a89b036fd316402e44682470e23161ddb8800e5578fb44ff0fb446f00000000b76ee2623d903c9eabb161031b2d8c39d783df7e1a4f0a09471a1e9165d3665601","job_id":"385761340614408","target":"711b0d00"},"status":"OK"}}

00:15:29:710	124c	parse packet: 303
00:15:29:710	124c	new buf size: 0
00:15:29:710	124c	Pool Diff 5000
00:15:29:710	124c	df has same pool, skip
00:15:29:726	1240	got 303 bytes
00:15:29:726	1240	buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"682112672529183","job":{"blob":"0100bdd5b2a80581a86dc73a89b036fd316402e44682470e23161ddb8800e5578fb44ff0fb446f00000000b4c5b79a21f515bc8d515124d2a937aac4d71bcd443c62ce8f7e382743d6fa1101","job_id":"579137328756041","target":"711b0d00"},"status":"OK"}}

00:15:29:726	1240	parse packet: 303
00:15:29:726	1240	new buf size: 0
00:15:29:726	1240	DevFee: Pool Diff 5000
00:15:32:331	1240	got 253 bytes
00:15:32:331	1240	buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"0100e2d5b2a805cf84f950b8c491b566c269335fb0525465d37034d7062eb7b772627b300d1d4f00000000b8cdce36dbe8e1b4666a8cc35e36c5f28d41c7bae2fa836cd189ee7e39706ee001","job_id":"843905034917406","target":"711b0d00"}}

00:15:32:331	1240	parse packet: 253
00:15:32:331	1240	new buf size: 0
00:15:32:331	1240	DevFee: 03/21/15-00:15:32 - New job received from pool.cryptmonero.com:1001
00:15:32:877	124c	got 253 bytes
00:15:32:877	124c	buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"0100e3d5b2a805cf84f950b8c491b566c269335fb0525465d37034d7062eb7b772627b300d1d4f00000000e84fdd80831dd2bbc966a3d050af7f74a601bd86da6ac09b07b70118122e4e9e01","job_id":"776672342233359","target":"711b0d00"}}

00:15:32:877	124c	parse packet: 253
00:15:32:877	124c	new buf size: 0
00:15:32:877	124c	df has same pool, skip
00:15:32:877	124c	03/21/15-00:15:32 - New job received from pool.cryptmonero.com:1001
00:15:32:877	124c	Speed: 287 h/s, TotalHashes: 0K, DevHashes: 0K Mining time:
00:15:32:877	124c	00:00

Des Weiteren hab ich rausgefunden, dass mit deaktivierter LAN-Verbindung nichts passiert. Kaum schalte ich die Verbindung wieder ein, laden sich die zwei Dateien ins Verzeichnis und beginnen ihre Arbeit.

Das schließt dann schonmal aus, dass sich die Dateien irgendwo bei mir verstecken. Muss nur noch herausfinden, welcher Prozess oder Dienst diesen Befehl ausführt.

M-K-D-B · 21.03.2015, 12:46

Servus,

ich denke, ich habe den Ursprung gefunden.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
Task: {1EE4A513-5C6E-46EA-8A28-956F26FDFA48} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-29] ()
C:\Windows\AutoKMS
Task: {5E2939AA-BF35-4AA1-807C-FEAA9F212482} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () <==== ATTENTION
C:\ProgramData\Origin
HKU\S-1-5-21-414628413-2699045466-946937149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\ProgramData\DP45977C.lfl
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die beiden neuen Logdateien von FRST.

CBAN3489 · 21.03.2015, 14:37

Hallo,

scheinbar lag es an der update.vbe in diesem Origin ordner. Nach dem Neustart wurde jedenfalls nichts mehr geladen.

Jedenfalls sind hier die Logs:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Achmed at 2015-03-21 14:21:31 Run:1
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: Achmed (Available profiles: Achmed)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {5E2939AA-BF35-4AA1-807C-FEAA9F212482} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () <==== ATTENTION
C:\ProgramData\Origin
HKU\S-1-5-21-414628413-2699045466-946937149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\ProgramData\DP45977C.lfl
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E2939AA-BF35-4AA1-807C-FEAA9F212482}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E2939AA-BF35-4AA1-807C-FEAA9F212482}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\ProgramData\Origin => Moved successfully.
"HKU\S-1-5-21-414628413-2699045466-946937149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
EmptyTemp: => Removed 204 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:21:39 ====

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Achmed (administrator) on INSANITY on 21-03-2015 14:25:53
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: Achmed (Available profiles: Achmed)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\system\3DG4me.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Users\Achmed\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-414628413-2699045466-946937149-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-414628413-2699045466-946937149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-08-19] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\battlenet.xml [2015-03-14]
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\leo-eng-deu-v20.xml [2015-03-06]
FF SearchPlugin: C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\searchplugins\minecraft-wiki-en.xml [2015-02-18]
FF Extension: Video Downloader professional - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-03-11]
FF Extension: NoScript - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-27]
FF Extension: Adblock Plus - C:\Users\Achmed\AppData\Roaming\Mozilla\Firefox\Profiles\jgbj3kif.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\Firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S4 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 Origin Client Service; G:\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
S2 TrueCryptSystemFavorites; C:\Windows\SysWOW64\TrueCrypt.exe [1516496 2015-01-27] (TrueCrypt Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\D930.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc) [File not signed]
S3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 05:02 - 2015-03-21 05:03 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-03-21 05:02 - 2015-03-21 05:02 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-03-21 03:02 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\SysWOW64\SAVRKBootTasks.sys
2015-03-21 02:36 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\D930.tmp
2015-03-21 02:35 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\16AB.tmp
2015-03-21 02:34 - 2015-03-21 02:34 - 00000000 ____D () C:\Sophos Anti-Rootkit
2015-03-21 02:34 - 2015-03-21 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-03-21 02:34 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\BAB7.tmp
2015-03-21 01:34 - 2015-03-21 01:34 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\JAM Software
2015-03-21 00:43 - 2015-03-21 00:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-20 23:34 - 2015-03-20 23:34 - 00000000 ____D () C:\Windows\pss
2015-03-20 23:22 - 2015-03-21 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 22:34 - 2015-03-20 22:34 - 00013321 _____ () C:\ComboFix.txt
2015-03-20 21:36 - 2015-03-21 14:25 - 00000000 ____D () C:\FRST
2015-03-20 20:33 - 2015-03-21 01:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 20:33 - 2015-03-21 01:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 ____D () C:\ Malwarebytes Anti-Malware 
2015-03-20 20:33 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-20 20:33 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-20 20:28 - 2015-03-21 14:22 - 00001792 _____ () C:\Windows\setupact.log
2015-03-20 20:28 - 2015-03-21 02:11 - 00005722 _____ () C:\Windows\PFRO.log
2015-03-20 20:28 - 2015-03-20 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-20 20:00 - 2015-03-21 01:59 - 00000000 ____D () C:\Windows\erdnt
2015-03-20 19:30 - 2015-03-20 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 18:34 - 2015-03-20 19:41 - 00000000 ____D () C:\Program Files\Unlocker
2015-03-20 18:34 - 2015-03-20 18:34 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-03-20 00:16 - 2015-03-20 00:16 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-18 00:35 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:35 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 00:35 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-16 17:44 - 2015-03-20 20:25 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\TeamViewer
2015-03-13 20:23 - 2015-03-20 20:25 - 00000000 ____D () C:\Users\Achmed\AppData\Local\CrashDumps
2015-03-11 04:52 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-11 04:52 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-11 04:46 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 04:46 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 04:46 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 04:46 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 04:46 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 04:46 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 04:46 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 04:46 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 04:46 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 04:46 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 04:46 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 04:46 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 04:46 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 04:46 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 04:46 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 04:46 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 04:46 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 04:46 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 04:46 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 04:46 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 04:46 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 04:46 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 04:46 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 04:46 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 04:46 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 04:46 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 04:46 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 04:46 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 04:46 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 04:46 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 04:46 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 04:46 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 04:46 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 04:46 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 04:46 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 04:46 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 04:46 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 04:46 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 04:46 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 04:46 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 04:46 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 04:46 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 04:46 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 04:46 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 04:46 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 04:46 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 04:46 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 04:46 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 04:46 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 04:46 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 04:46 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 04:46 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 04:46 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 04:46 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 04:46 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 04:46 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 04:46 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 04:46 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 04:46 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 04:46 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 04:46 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 04:46 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 04:46 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 04:46 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 04:46 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 04:46 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 04:46 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 04:46 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 04:46 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 04:46 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 04:46 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 04:46 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 04:46 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 04:46 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 04:46 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 04:46 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 04:46 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 04:46 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 04:46 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 04:46 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 04:46 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 04:46 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 04:46 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 04:46 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 04:46 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 04:46 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 04:46 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 04:46 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 04:46 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 04:46 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 04:46 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 04:46 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 04:46 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 04:46 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 04:46 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 04:46 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 04:46 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 04:46 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 04:46 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 04:46 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 04:46 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 04:46 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 04:46 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 04:46 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 04:46 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 04:46 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 04:46 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 04:46 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 04:46 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 04:46 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ___DL () C:\Users\Achmed\AppData\Roaming\.minecraft
2015-03-06 20:20 - 2015-03-06 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland
2015-03-06 20:18 - 2015-03-06 20:18 - 00001083 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client.lnk
2015-03-06 13:05 - 2015-03-06 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-06 12:51 - 2015-03-21 14:22 - 00000000 ____D () C:\Users\Achmed\AppData\Local\LogMeIn Hamachi
2015-03-06 12:51 - 2015-03-06 12:51 - 00000000 ____D () C:\Users\Achmed\AppData\Local\LogMeIn
2015-03-06 12:51 - 2015-03-06 12:51 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-03-06 12:44 - 2015-03-06 12:44 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Steam
2015-03-05 17:42 - 2015-03-21 05:24 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\vlc
2015-03-05 17:42 - 2015-03-05 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-03 17:20 - 2015-03-05 17:42 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-02 20:47 - 2015-03-02 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-02-28 20:54 - 2015-02-28 20:54 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-02-27 20:43 - 2015-02-27 20:43 - 00000000 ____D () C:\Users\Achmed\AppData\Local\BANDAI NAMCO Games
2015-02-27 20:30 - 2015-03-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonball Xenoverse
2015-02-24 11:06 - 2015-02-24 11:06 - 00001437 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieUserList
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieSiteList
2015-02-23 23:55 - 2015-02-23 23:55 - 00000000 __SHD () C:\Users\Achmed\AppData\Local\EmieBrowserModeList
2015-02-23 03:02 - 2015-02-23 03:02 - 04022504 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe
2015-02-23 03:02 - 2015-02-23 03:02 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.bmp
2015-02-23 03:02 - 2015-02-23 03:02 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2015-02-23 03:02 - 2015-02-23 03:02 - 00017950 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.dat
2015-02-23 03:02 - 2015-02-23 03:02 - 00013082 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.dat
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\AccurateRip
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2015-02-23 03:02 - 2015-02-23 03:02 - 00000000 ____D () C:\Program Files (x86)\Illustrate
2015-02-23 02:23 - 2015-02-23 02:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-23 02:11 - 2015-02-23 02:23 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-23 02:11 - 2015-02-23 02:11 - 00001787 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes.lnk
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\ProgramData\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-23 02:11 - 2015-02-23 02:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-23 02:11 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-02-22 01:33 - 2015-03-05 04:16 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\CodeBlocks
2015-02-21 00:07 - 2015-03-10 17:23 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Spotify
2015-02-21 00:07 - 2015-02-21 00:07 - 00001812 _____ () C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-21 00:06 - 2015-03-10 17:31 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Spotify
2015-02-19 16:30 - 2015-02-22 15:14 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-19 16:30 - 2015-02-22 15:14 - 00002065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-19 16:19 - 2015-02-19 16:19 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 14:25 - 2015-01-27 18:47 - 01424326 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 14:22 - 2015-01-29 16:54 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-21 14:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 14:21 - 2015-01-27 19:31 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-21 14:15 - 2015-01-27 19:14 - 00007652 _____ () C:\Users\Achmed\AppData\Local\resmon.resmoncfg
2015-03-21 14:14 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 14:14 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 14:13 - 2011-04-12 08:43 - 00674286 _____ () C:\Windows\system32\perfh007.dat
2015-03-21 14:13 - 2011-04-12 08:43 - 00139426 _____ () C:\Windows\system32\perfc007.dat
2015-03-21 14:13 - 2009-07-14 06:13 - 01554882 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-21 04:54 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Adobe
2015-03-21 04:48 - 2015-01-27 22:52 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Battle.net
2015-03-21 04:48 - 2015-01-27 19:39 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Skype
2015-03-21 01:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-20 23:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-20 23:31 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-03-20 22:58 - 2015-01-29 16:39 - 00000000 ____D () C:\Windows\SHELLNEW
2015-03-20 22:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-20 20:30 - 2015-01-27 18:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 20:25 - 2015-01-30 17:37 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\FileZilla
2015-03-20 20:25 - 2013-12-13 19:19 - 00000000 ____D () C:\Windows\Panther
2015-03-20 20:11 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed\AppData\Local\VirtualStore
2015-03-20 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-20 18:56 - 2015-01-27 19:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-20 00:16 - 2015-01-27 19:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 00:36 - 2015-01-27 19:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-13 20:41 - 2015-02-10 15:54 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 20:41 - 2015-02-10 15:54 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 20:41 - 2015-01-27 19:52 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 20:41 - 2015-01-27 19:52 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 20:41 - 2015-01-27 19:51 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 17:16 - 2015-01-27 19:52 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 17:16 - 2015-01-27 19:52 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 17:16 - 2015-01-27 19:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 13:40 - 2015-01-27 22:56 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 13:40 - 2015-01-27 22:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 13:40 - 2015-01-27 21:37 - 00000000 ____D () C:\Users\Achmed\AppData\Local\Adobe
2015-03-12 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 01:58 - 2015-01-28 00:15 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-12 01:58 - 2015-01-28 00:15 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-11 14:10 - 2015-01-27 19:52 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-11 11:39 - 2009-07-14 05:45 - 05101264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 04:50 - 2013-12-13 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 04:47 - 2013-12-13 20:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 03:44 - 2015-01-28 00:14 - 00000000 ____D () C:\ProgramData\Steam
2015-03-06 20:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-06 12:37 - 2015-01-27 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 12:37 - 2015-01-27 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla
2015-03-05 17:27 - 2015-01-28 16:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-04 12:34 - 2015-01-27 20:48 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 12:34 - 2015-01-27 20:47 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 12:34 - 2015-01-27 20:47 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 22:09 - 2015-01-29 16:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-03 22:07 - 2015-01-29 16:40 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-03 22:06 - 2015-02-17 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-03-03 22:06 - 2015-02-17 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-03 21:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-03 21:45 - 2015-02-17 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-02 20:43 - 2015-01-27 22:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 09:20 - 2015-01-27 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-26 09:20 - 2015-01-27 19:39 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 03:01 - 2015-02-01 01:54 - 00000000 ____D () C:\Users\Achmed\AppData\Roaming\Mp3tag
2015-02-20 11:39 - 2015-01-27 20:05 - 00111912 _____ () C:\Users\Achmed\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 16:33 - 2015-02-05 13:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-19 16:30 - 2015-01-27 21:38 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-19 16:21 - 2015-01-27 16:38 - 00000000 ____D () C:\Users\Achmed
2015-02-19 16:20 - 2015-01-27 21:38 - 00000000 ____D () C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2015-01-27 19:14 - 2015-03-21 14:15 - 0007652 _____ () C:\Users\Achmed\AppData\Local\resmon.resmoncfg
2015-01-27 19:31 - 2015-03-21 14:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Achmed\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 20:46

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Achmed at 2015-03-21 14:26:10
Running from D:\Eigene Dateien\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version:  - )
Dying Light (HKLM-x32\...\Dying Light_is1) (Version:  - )
Dying Light Update v1.5.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
EASEUS Partition Master 9.1.1 Professional (HKLM-x32\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Spotify (HKU\S-1-5-21-414628413-2699045466-946937149-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{76EE13CA-33D7-4DC4-B15C-FE0B2CD1E949}) (Version: 2.2.4.0 - Husdawg, LLC)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-20 23:15 - 00000291 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	rad.msn.com
127.0.0.1	live.rads.msn.com
127.0.0.1	ads1.msn.com
127.0.0.1	static.2mdn.net
127.0.0.1	g.msn.com
127.0.0.1	a.ads2.msads.net
127.0.0.1	b.ads2.msads.net
127.0.0.1	c3.msn.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {041749C7-AE29-4952-AE9B-7693A8DE8B32} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {21A2B23C-C9DA-4C28-B592-EA501A87FC9B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4669F2F8-699C-4770-B38A-D5D2B833631A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {68956E24-59E7-4A9B-8FD4-005F998B6B2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {844A6DAB-20C9-4E3C-A2C6-C0E621F485C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AB8AC465-F677-4DC1-8699-5A074A68283A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-29] ()
Task: {F5FE2AF2-87E4-4368-9762-748E404712E4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) ==============

2015-01-27 19:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 00:15 - 2015-02-03 11:28 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-28 12:33 - 2013-05-28 15:56 - 00151552 _____ () C:\Windows\system\3DG4me.exe
2015-01-28 12:33 - 2012-06-06 08:56 - 00143360 _____ () C:\Windows\system\3DG4me.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrueCryptSystemFavorites => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-414628413-2699045466-946937149-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Achmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Achmed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Achmed (S-1-5-21-414628413-2699045466-946937149-1000 - Administrator - Enabled) => C:\Users\Achmed
Administrator (S-1-5-21-414628413-2699045466-946937149-500 - Administrator - Disabled)
Gast (S-1-5-21-414628413-2699045466-946937149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-414628413-2699045466-946937149-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2015 02:24:38 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:18 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:12 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:07 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:03 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:02 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:02 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:10:08 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:10:04 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:10:03 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Schwerwiegender Fehler
].


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\


System errors:
=============
Error: (03/21/2015 02:22:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SAVRKBootTasks

Error: (03/21/2015 02:22:18 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/21/2015 02:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/21/2015 02:24:38 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:18 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:12 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:07 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:03 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:02 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:24:02 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:10:08 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:10:04 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\

Error: (03/21/2015 02:10:03 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff0x8000ffff, Schwerwiegender Fehler


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0fa2b959-a659-11e4-94f1-50e549bf872d}\


CodeIntegrity Errors:
===================================
  Date: 2015-03-21 03:01:41.981
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.960
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.919
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.895
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.854
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.794
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.773
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.734
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 03:01:41.713
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D930.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 18%
Total physical RAM: 16365.16 MB
Available physical RAM: 13365.61 MB
Total Pagefile: 16363.35 MB
Available Pagefile: 13219.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (100 GB Windows 7) (Fixed) (Total:100.51 GB) (Free:67.08 GB) NTFS
Drive d: (250 GB Docs) (Fixed) (Total:232.88 GB) (Free:123.92 GB) NTFS
Drive e: (250 GB Data) (Fixed) (Total:232.88 GB) (Free:85.61 GB) NTFS
Drive f: (1750 GB Data) (Fixed) (Total:1630.18 GB) (Free:93.74 GB) NTFS
Drive g: (250 GB Games) (Fixed) (Total:232.83 GB) (Free:32.59 GB) NTFS
Drive j: () (Removable) (Total:14.55 GB) (Free:8.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D6142743)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 76204D87)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 0E090C11)
Partition 1: (Not Active) - (Size=1630.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 0626BC4C)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scheinbar funktioniert es jetzt. Was mache ich mit den bösen Dateien unter C:\FRST? Kann ich die einfach löschen?

[TR/CoinMiner bzw. Trojan.Agent.Gen] svchost.exe und lsass.exe in Windows\Temp

Plagegeister aller Art und deren Bekämpfung: [TR/CoinMiner bzw. Trojan.Agent.Gen] svchost.exe und lsass.exe in Windows\Temp