
Pests of all kinds and how to combat them: RAM usage too high - no programs open

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

15.04.2015, 10:15   #1
SynDic4Te
 



Hey

I switched on my PC this morning.
Skype started completely normally as always, only I noticed that the RAM usage was at 60%.

Skype also needed 200-300 MB instead of just 100 MB.
As soon as I closed Skype, usage was down to only 43%, but that is still too much, since it is normally only 23% and I didn't have any programs open at all.

Here are 2 screenshots:

puu.sh/heDqM/3053b3841f.png

puu.sh/heDrz/4ea23126c5.png

I don't understand how so much can be in use, because the Windows applications that are open don't draw particularly much.

I have already tried the following:

- Scanned with Malwarebytes
- Scanned with Anti Rootkit
- Checked in msconfig what starts up
- Restarted the PC
- Scanned with a normal antivirus
- Checked with Autorun.exe
- Scanned with CCleaner
- Examined the processes more closely with Procexp

I really don't know what else to do. I only had one virus on it, but Malwarebytes has already removed it.

And since I don't know what to do next, I turned to this forum and hope that I can get help here.

Best regards, SynDic4Te

Edited by SynDic4Te (15.04.2015 at 10:22)

15.04.2015, 10:42   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


15.04.2015, 11:26   #3
SynDic4Te
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by Administrator (administrator) on NICO-PC on 15-04-2015 11:45:33
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: karsten & biBa & braunebauch & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
() C:\Program Files (x86)\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Run: [Arvo] => C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE [582144 2010-04-01] (ROCCAT)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE10DEDE/WOL_WCP
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> URL hxxp://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.8&ts=1381160363652&tguid=66807-6724-1381160363652-10E24E1CACD67209137674BBCBBE62F0&q={searchTerms}
SearchScopes: HKLM-x32 -> SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66807&gid=1&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 -> TopResultURLFallback hxxp://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.8&ts=1381160363652&tguid=66807-6724-1381160363652-10E24E1CACD67209137674BBCBBE62F0&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
StartMenuInternet: IEXPLORE.EXE - IEXPLORE.EXE

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-01-20] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-2399221302-1085130942-1105205786-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-2399221302-1085130942-1105205786-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-2399221302-1085130942-1105205786-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Extension: WOT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-04-01]
FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2015-04-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-04-01]
FF Extension: Locale Switcher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-04-01]
FF Extension: NoScript - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-08]
FF Extension: Adblock Edge - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-07]
FF HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2015-03-21]
FF HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

Opera: 
=======
OPR Extension: (Adguard Werbeblocker) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2015-04-04]
OPR Extension: (Twitch Now) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S4 BAVS; C:\Windows\SysWOW64\BAVS\BAVSdienst.exe [32256 2014-06-26] () [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2015-04-01] (Kingsoft Corporation)
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-11-20] (EasyAntiCheat Ltd)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-03-28] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-11-11] (Microsoft Corporation) [File not signed]
S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223624 2014-06-16] ()
S3 DAUpdaterSvc; D:\Programme (x86)\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S4 HideIPLaucherService; C:\Program Files (x86)\Hide ALL IP\LauncherService.exe [X]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S4 OpenVPNService; "C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe" [X]
S4 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 alnbpfpe; No ImagePath
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [15872 2009-05-06] (ROCCAT Development, Inc.)
S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-22] (AVG Technologies)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-02-15] (Kingsoft Corporation)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S1 MpKslaf5d7170; No ImagePath
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-09-18] (Windows (R) Win 7 DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-05] (Spotflux, Inc.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]
U3 DfSdkS; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 11:45 - 2015-04-15 11:46 - 00024694 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-04-15 11:45 - 2015-04-15 11:45 - 02096640 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-04-15 11:45 - 2015-04-15 11:45 - 00000000 ____D () C:\FRST
2015-04-15 11:36 - 2015-04-15 11:37 - 10702728 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 11:36 - 2015-04-15 11:36 - 00000056 _____ () C:\Windows\setupact.log
2015-04-15 11:36 - 2015-04-15 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-15 11:31 - 2015-04-15 11:31 - 02217984 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.201.exe
2015-04-15 11:26 - 2015-04-15 11:26 - 00001361 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-04-15 11:23 - 2015-04-15 11:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NICO-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-15 11:22 - 2015-04-15 11:22 - 00000000 ____D () C:\RegBackup
2015-04-15 11:20 - 2015-04-15 11:20 - 02687136 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2015-04-15 10:55 - 2015-04-15 10:55 - 00000034 _____ () C:\Users\Administrator\Desktop\Screenshot links.txt
2015-04-15 10:53 - 2015-04-15 10:53 - 02300472 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-04-15 10:05 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\Administrator\Desktop\procexp.exe
2015-04-15 10:04 - 2015-04-15 10:05 - 01125626 _____ () C:\Users\Administrator\Downloads\ProcessExplorer_16.5.zip
2015-04-14 15:53 - 2015-04-14 15:57 - 00882044 _____ () C:\Users\Administrator\Documents\RecordMorphOutput.wav
2015-04-14 15:41 - 2015-04-14 15:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Screaming Bee
2015-04-14 15:34 - 2015-04-14 15:34 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee LLC
2015-04-14 15:00 - 2015-04-15 09:43 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2015-04-14 14:48 - 2015-04-14 14:51 - 34354008 _____ () C:\Users\Administrator\Downloads\MorphVOX Pro v4.3.13 with Addons + Crk.exe
2015-04-14 14:42 - 2015-04-14 14:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Remote Control Server
2015-04-14 14:13 - 2015-04-14 14:13 - 06754839 _____ (Steppschuh) C:\Users\Administrator\Downloads\RemoteControlServerSetup.exe
2015-04-14 10:03 - 2015-04-11 18:35 - 08368128 _____ () C:\Users\Administrator\Desktop\fcr900.dff
2015-04-14 10:03 - 2015-04-11 08:32 - 00000630 _____ () C:\Users\Administrator\Desktop\readme.txt
2015-04-14 10:03 - 2015-04-06 16:36 - 09423656 _____ () C:\Users\Administrator\Desktop\fcr900.txd
2015-04-13 09:31 - 2015-04-13 09:31 - 00000000 ____D () C:\Users\Administrator\Desktop\Terror Engine Reborn 2.0 (64bit)
2015-04-11 19:55 - 2015-04-12 00:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Amazing Template By HibixArts
2015-04-11 19:53 - 2015-04-11 19:53 - 04001278 _____ () C:\Users\Administrator\Downloads\Intro Template- Five nights at Freddys.mp4
2015-04-11 18:56 - 2015-04-11 18:58 - 900951753 _____ () C:\Users\Administrator\Downloads\Music For Intro 2.rar
2015-04-10 18:06 - 2015-04-12 10:57 - 00000000 ____D () C:\ProgramData\{dab5c1c1-de22-4a32-dab5-5c1c1de20707}
2015-04-09 14:44 - 2015-04-09 14:44 - 00000000 ____D () C:\Users\Administrator\Documents\WBGames
2015-04-08 12:03 - 2015-04-08 12:04 - 00000000 ____D () C:\Users\Administrator\Desktop\Fast.and.Furious.7.TS.LD.German.x264-PsO
2015-04-06 19:54 - 2015-04-03 17:52 - 01922004 _____ () C:\Users\Administrator\Desktop\Song.wav
2015-04-06 17:43 - 2015-04-06 17:43 - 00000000 ____D () C:\Users\Administrator\Tracing
2015-04-05 01:44 - 2015-04-05 01:44 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 01:44 - 2015-04-05 01:44 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 15:53 - 2015-04-04 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy 7-Zip
2015-04-04 15:53 - 2015-04-04 15:53 - 00000000 ____D () C:\Program Files\Easy 7-Zip
2015-04-04 15:31 - 2015-04-04 15:41 - 44492800 _____ () C:\Program Files (x86)\GUT50C2.tmp
2015-04-04 15:31 - 2015-04-04 15:31 - 00000000 ____D () C:\Program Files (x86)\GUM50A2.tmp
2015-04-04 15:22 - 2015-04-12 11:03 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1428153734
2015-04-04 15:22 - 2015-04-12 11:03 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-04 15:22 - 2015-04-04 15:22 - 00001135 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-04-04 15:22 - 2015-04-04 15:22 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-04 15:08 - 2015-04-04 15:08 - 01543626 _____ () C:\Users\Administrator\Downloads\iExestos Intro _ RJคrtz [60FPS].mp4
2015-04-04 00:18 - 2015-04-04 00:29 - 123371600 _____ () C:\Users\Administrator\ts3_recording_15_04_04_0_18_39.wav
2015-04-03 23:38 - 2015-04-03 23:38 - 00000000 _____ () C:\Users\Administrator\Desktop\Marco Illuminat.txt
2015-04-03 23:12 - 2015-04-03 23:20 - 98559440 _____ () C:\Users\Administrator\ts3_recording_15_04_03_23_12_5.wav
2015-04-03 20:56 - 2015-04-03 20:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-03 20:56 - 2015-04-03 20:56 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-03 20:56 - 2015-04-03 20:56 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-03 18:43 - 2015-04-03 18:47 - 40658000 _____ () C:\Users\Administrator\ts3_recording_15_04_03_18_43_38.wav
2015-04-03 18:39 - 2015-04-03 18:39 - 01609040 _____ () C:\Users\Administrator\ts3_recording_15_04_03_18_39_28.wav
2015-04-03 12:07 - 2015-04-03 12:07 - 00000000 ____D () C:\Users\braunebauch\AppData\Roaming\Mozilla
2015-04-03 12:07 - 2015-04-03 12:07 - 00000000 ____D () C:\Users\braunebauch\AppData\Local\Mozilla
2015-04-01 20:05 - 2015-04-01 20:18 - 119446471 _____ () C:\Users\Administrator\Downloads\YouPorn - d re la 2.mp4
2015-04-01 00:47 - 2015-04-04 15:46 - 00000000 ____D () C:\Program Files (x86)\Whitehat
2015-04-01 00:47 - 2015-04-01 00:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Aviator
2015-04-01 00:43 - 2015-04-01 00:43 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2015-04-01 00:43 - 2015-04-01 00:43 - 00000000 ____D () C:\Program Files\Waterfox
2015-03-31 22:16 - 2015-03-31 22:16 - 00002024 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-03-31 22:16 - 2015-03-31 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-03-31 22:15 - 2015-03-31 22:16 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-03-31 18:18 - 2014-01-04 19:53 - 00706562 _____ () C:\Users\Administrator\Desktop\requiem_cast.wav
2015-03-31 00:45 - 2015-03-29 18:39 - 20819882 _____ () C:\Users\Administrator\Desktop\TEMPLATE.psd
2015-03-31 00:38 - 2015-01-16 14:13 - 27487780 _____ () C:\Users\Administrator\Desktop\PSD4.psd
2015-03-30 23:58 - 2015-03-31 00:01 - 00000000 ____D () C:\Users\Administrator\Desktop\212 Skin Mods
2015-03-30 23:49 - 2015-03-30 23:49 - 226724184 _____ () C:\Users\Administrator\Desktop\212_Skin_Mods.rar
2015-03-30 16:47 - 2015-03-30 16:47 - 01838157 _____ () C:\Users\Administrator\Desktop\la-pirula-project.rar
2015-03-30 16:03 - 2015-03-30 16:18 - 00000000 ____D () C:\Users\Administrator\Desktop\Elegy
2015-03-29 17:09 - 2015-03-29 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
2015-03-29 16:00 - 2015-03-29 18:09 - 00000000 ____D () C:\Program Files (x86)\R.G. Games
2015-03-29 11:29 - 2015-03-29 11:29 - 00001772 _____ () C:\Users\karsten\Desktop\Rising World v0.5.3.1.lnk
2015-03-29 11:29 - 2015-03-29 11:29 - 00001772 _____ () C:\Users\braunebauch\Desktop\Rising World v0.5.3.1.lnk
2015-03-29 11:29 - 2015-03-29 11:29 - 00001772 _____ () C:\Users\biBa\Desktop\Rising World v0.5.3.1.lnk
2015-03-28 21:51 - 2015-03-21 17:18 - 00182582 _____ (Igor Pavlov) C:\Users\Administrator\Documents\BF3800600.exe
2015-03-28 18:35 - 2015-03-28 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syndicate
2015-03-28 02:07 - 2015-03-28 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2015-03-28 01:54 - 2015-03-28 02:10 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2015-03-28 01:40 - 2015-03-28 01:52 - 00000000 ____D () C:\Hazard Ops
2015-03-28 01:39 - 2015-03-28 01:39 - 00000181 _____ () C:\console.log
2015-03-27 17:55 - 2015-03-27 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-03-27 17:55 - 2015-03-27 17:55 - 00000000 ____D () C:\Program Files\DivX
2015-03-27 17:54 - 2015-03-27 17:55 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-03-27 17:53 - 2015-03-27 17:55 - 00000000 ____D () C:\ProgramData\DivX
2015-03-26 23:12 - 2015-03-26 23:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-26 22:31 - 2015-03-26 22:31 - 07350440 _____ () C:\Users\Administrator\Desktop\Final render dat_x264.mp4
2015-03-26 13:45 - 2015-03-30 01:38 - 00000000 ____D () C:\Users\Administrator\Desktop\Backups
2015-03-25 18:17 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 18:17 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 18:17 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 18:17 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 18:17 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 18:17 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 18:17 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 18:17 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:59 - 2015-03-23 17:29 - 06103040 _____ () C:\Program Files (x86)\GUT7F40.tmp
2015-03-23 16:59 - 2015-03-23 16:59 - 00000000 ____D () C:\Program Files (x86)\GUM7F3F.tmp
2015-03-23 16:57 - 2015-04-15 11:02 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA.job
2015-03-23 16:57 - 2015-04-14 16:02 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core.job
2015-03-23 16:57 - 2015-03-23 16:57 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA
2015-03-23 16:57 - 2015-03-23 16:57 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core
2015-03-21 18:29 - 2015-03-22 11:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-21 18:29 - 2015-03-21 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DMCache
2015-03-21 18:29 - 2015-03-21 21:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IDM
2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\ProgramData\IDM
2015-03-21 10:28 - 2015-03-23 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 18:14 - 2015-03-20 18:14 - 00001010 _____ () C:\Users\Administrator\Desktop\Telegram.lnk
2015-03-19 05:08 - 2015-03-19 04:27 - 00191960 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 11:45 - 2014-09-15 17:40 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-15 11:45 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 11:45 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 11:41 - 2009-10-22 17:16 - 01557092 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 11:39 - 2014-07-19 15:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2015-04-15 11:37 - 2013-10-04 20:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-15 11:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 11:35 - 2014-07-09 18:16 - 00000000 ____D () C:\AdwCleaner
2015-04-15 11:31 - 2014-11-18 20:23 - 03300352 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2015-04-15 11:29 - 2013-07-13 03:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 10:52 - 2014-11-22 18:47 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-15 10:52 - 2014-07-10 04:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-04-15 10:52 - 2013-05-27 21:20 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 10:34 - 2014-10-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-15 10:16 - 2014-07-26 05:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-15 09:09 - 2009-11-29 17:59 - 00000000 ____D () C:\Temp
2015-04-15 08:49 - 2015-03-07 12:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 08:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 22:01 - 2014-12-06 17:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Everything
2015-04-14 16:02 - 2014-07-25 13:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TS3Client
2015-04-14 15:48 - 2015-01-29 15:04 - 00000000 ____D () C:\Users\braunebauch
2015-04-14 15:48 - 2014-09-18 15:17 - 00000000 ____D () C:\Users\biBa
2015-04-14 15:35 - 2009-10-22 17:23 - 00000000 ____D () C:\Users\karsten
2015-04-14 14:18 - 2014-07-26 21:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2015-04-14 14:17 - 2015-01-14 17:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\FileZilla
2015-04-14 14:06 - 2015-01-14 17:49 - 00000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2015-04-14 14:04 - 2015-02-04 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-14 14:04 - 2015-02-04 23:42 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-04-14 10:04 - 2014-11-22 18:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
2015-04-14 08:43 - 2009-07-14 19:58 - 00714066 _____ () C:\Windows\system32\perfh007.dat
2015-04-14 08:43 - 2009-07-14 19:58 - 00155896 _____ () C:\Windows\system32\perfc007.dat
2015-04-14 08:43 - 2009-07-14 07:13 - 01660646 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 08:09 - 2014-04-11 12:26 - 02300472 _____ () C:\Users\karsten\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 07:57 - 2015-01-29 15:05 - 02300472 _____ () C:\Users\braunebauch\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-13 21:56 - 2014-04-02 22:18 - 00000000 ____D () C:\Users\Administrator
2015-04-13 10:30 - 2014-10-02 01:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2015-04-13 09:39 - 2013-11-07 15:18 - 00000000 ____D () C:\Windows\pss
2015-04-06 17:41 - 2013-12-02 01:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-04 15:42 - 2014-04-02 22:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-04-04 15:42 - 2011-02-07 21:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-04 15:31 - 2013-07-13 03:14 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-04 15:31 - 2013-07-13 03:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-04 15:31 - 2011-08-07 03:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-04 15:30 - 2014-07-10 04:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-04-04 15:22 - 2014-09-10 01:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2015-04-04 15:22 - 2014-09-10 01:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2015-04-03 21:41 - 2015-03-13 15:07 - 02300472 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-04-03 20:56 - 2014-07-24 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TeamViewer
2015-04-03 00:04 - 2013-09-09 18:38 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-01 12:06 - 2013-07-23 19:16 - 00000000 ____D () C:\ProgramData\Origin
2015-04-01 01:02 - 2015-02-23 11:41 - 00000000 ____D () C:\Users\Administrator\Desktop\GTA SA
2015-04-01 00:52 - 2014-11-28 03:45 - 00000000 ____D () C:\ProgramData\MTA San Andreas All
2015-04-01 00:52 - 2014-11-28 03:45 - 00000000 ____D () C:\Program Files (x86)\MTA San Andreas 1.4
2015-04-01 00:48 - 2014-10-23 00:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-03-31 22:16 - 2013-07-02 23:05 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-03-30 10:57 - 2014-07-25 00:23 - 00000000 ____D () C:\Program Files (x86)\puush
2015-03-30 01:07 - 2014-09-24 13:53 - 00000000 ____D () C:\Users\Administrator\Desktop\Five Nights at Freddy's
2015-03-30 01:00 - 2015-01-09 16:42 - 00000000 ____D () C:\Users\Administrator\Desktop\Alben
2015-03-29 18:10 - 2015-02-22 22:18 - 00000000 ____D () C:\Users\Administrator\Desktop\Mods
2015-03-29 17:22 - 2014-10-27 05:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 15:30 - 2014-02-26 17:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-29 15:29 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-28 22:01 - 2014-07-27 16:38 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-28 22:01 - 2013-07-29 08:52 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-28 21:59 - 2014-07-27 16:38 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-28 21:22 - 2014-05-29 02:26 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-03-28 21:14 - 2013-08-13 14:04 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-28 18:33 - 2014-11-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-27 21:42 - 2014-12-29 16:55 - 00000000 ____D () C:\Users\Administrator\Desktop\PD2 Mod
2015-03-27 17:40 - 2014-10-12 21:00 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-27 11:41 - 2015-01-07 16:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2015-03-26 09:10 - 2014-12-10 14:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 09:10 - 2014-05-06 23:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 23:45 - 2015-03-07 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-24 23:45 - 2015-03-07 12:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-23 16:50 - 2014-11-15 23:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2015-03-23 16:49 - 2014-05-01 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-23 16:49 - 2013-08-26 23:36 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-03-23 16:47 - 2013-05-27 19:02 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-22 18:10 - 2014-10-11 03:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru
2015-03-21 21:13 - 2014-10-22 02:44 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-03-21 21:12 - 2014-09-10 19:23 - 00000000 ____D () C:\Program Files (x86)\FFsplit
2015-03-21 21:10 - 2015-01-21 18:19 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-03-21 21:09 - 2014-10-11 04:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Comodo
2015-03-21 21:09 - 2013-11-12 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-03-20 21:38 - 2014-09-19 14:48 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-20 21:35 - 2014-06-02 14:17 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-20 21:35 - 2013-12-01 23:49 - 00000000 ____D () C:\Program Files\Java
2015-03-20 21:34 - 2014-06-02 14:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-20 21:34 - 2013-09-25 13:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-20 13:28 - 2015-02-07 13:07 - 00000000 ____D () C:\Users\braunebauch\AppData\Roaming\Everything
2015-03-18 16:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 17:54 - 2013-09-15 14:09 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-03-17 07:15 - 2015-03-07 12:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2015-03-07 12:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2015-03-07 12:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-09-03 05:34 - 2014-09-03 06:59 - 6010880 _____ () C:\Program Files (x86)\GUT455E.tmp
2015-04-04 15:31 - 2015-04-04 15:41 - 44492800 _____ () C:\Program Files (x86)\GUT50C2.tmp
2015-03-23 16:59 - 2015-03-23 17:29 - 6103040 _____ () C:\Program Files (x86)\GUT7F40.tmp
2014-10-31 03:31 - 2014-10-31 03:48 - 0065625 _____ () C:\Users\Administrator\AppData\Roaming\Camdata.ini
2014-10-31 03:31 - 2014-10-31 03:48 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamLayout.ini
2014-10-31 03:31 - 2014-10-31 03:48 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamShapes.ini
2014-10-31 03:31 - 2014-10-31 03:48 - 0004551 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.cfg
2014-10-31 03:35 - 2014-10-31 03:47 - 0000098 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.command
2014-10-31 03:40 - 2014-10-31 03:48 - 0000000 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.Data.ini
2014-10-31 03:40 - 2014-10-31 03:48 - 0001206 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.ini
2014-10-31 03:29 - 2014-10-31 03:42 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\version2.xml
2014-10-07 11:08 - 2014-10-07 11:08 - 0000045 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-09-14 20:26 - 2015-01-22 22:45 - 0005632 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 02:56 - 2014-10-11 02:56 - 0000101 _____ () C:\Users\Administrator\AppData\Local\fusioncache.dat
2014-09-08 21:28 - 2014-09-08 21:28 - 0000000 ___SH () C:\Users\Administrator\AppData\Local\LumaEmu
2015-01-14 17:49 - 2015-04-14 14:06 - 0000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2014-10-13 12:52 - 2014-10-13 12:52 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{80B6D3F3-6694-49AF-916C-2BA4E7745A94}

Files to move or delete:
====================
C:\Users\karsten\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\biBa\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 12:43

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015
Ran by Administrator at 2015-04-15 11:47:14
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Ancient Weapon Sounds (HKLM-x32\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:  - )
Arvo (HKLM-x32\...\{61DF2893-0069-4E50-A02E-3A41A97CB1B4}) (Version: 1.0 - ROCCAT)
Ashampoo WinOptimizer 11 v.11.00.40 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.40 - Ashampoo GmbH & Co. KG)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CINEMA 4D R14 (HKLM-x32\...\CINEMA 4D R14) (Version:  - )
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Command & Conquer™ Alarmstufe Rot 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1.172 - MAYN INTERACTIVE)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version:  - Gas Powered Games)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
Easy 7-Zip v0.1.4 (x64) (HKLM\...\{661BB54F-5E4A-45F0-8153-DDF10C2E3FB7}_is1) (Version: 0.1.4 (x64) - James Hoo)
Euthanasia V.1.0 (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Euthanasia V.1.0) (Version:  - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version:  - Ubisoft)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Goodbye New World (HKLM\...\UDK-14cab96a-d442-42f0-b347-97f8e3b6bcb4) (Version:  - Epic Games, Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Half-Life 2 (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Half-Life 2) (Version:  - )
Handset WinDriver 1.02.03.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.02.03.00 - Huawei technologies Co., Ltd.)
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 1.4.1 - Infernum Productions AG)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hercules Classic Webcam Drivers (HKLM-x32\...\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}) (Version: 1.00.0000 - Hercules)
Hercules Webcam Deluxe (HKLM-x32\...\{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}) (Version: 3.2.2.5 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version:  - IO Interactive)
Hitman: Contracts (HKLM-x32\...\Steam App 247430) (Version:  - IO Interactive)
HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legendary (HKLM-x32\...\InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}) (Version: 1.00.0000 - Spark Unlimited)
Legendary (x32 Version: 1.00.0000 - Spark Unlimited) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
Magic Bullet QuickLooks Free version 1.4.4 (HKLM-x32\...\{B0D297D8-289A-48A7-B02E-B6A9914CF716}_is1) (Version: 1.4.4 - Red Giant, LLC)
Magic Bullet Suite 64-bit (Version: 11.4.4 - Red Giant) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{5375FD61-C0E9-11E1-9297-F04DA23A5C58}) (Version: 12.0.334 - Sony)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
Need for Speed Most Wanted Black Edition (HKLM-x32\...\Need for Speed Most Wanted Black Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version:  - )
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Orcs Must Die (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge Productions GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PackBit Codec version 1.0.0.1Beta (HKLM-x32\...\{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1) (Version: 1.0.0.1Beta - Dxtory Software)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Perfect Effects 4.0.4 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.4 - onOne Software)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 3.3.3 (HKLM-x32\...\{39b6eb84-331c-3657-ad2e-837537ddf04f}) (Version: 3.3.3150 - Python Software Foundation)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)
ROCCAT Power-Grid Version 0.460 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.460 - ROCCAT GmbH)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.3.2660.0 - Hi-Rez Studios)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
SRWare Iron Version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Telegram Desktop Version 0.7.23 (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.23 - Telegram Messenger LLP)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.1 - Red Giant) Hidden
Trapcode Suite v12.1.5 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.5 - Red Giant, LLC)
Twixtor 5, After Effects-compatible plugin set (HKLM-x32\...\Twixtor 5, After Effects-compatible plugin set) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 5.1 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Video Download Capture Version 4.9.3 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.3 - APOWERSOFT LIMITED)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Waterfox 36.0.4 (x64 en-US) (HKLM\...\Waterfox 36.0.4 (x64 en-US)) (Version: 36.0.4 - Mozilla)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2399221302-1085130942-1105205786-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2399221302-1085130942-1105205786-500_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2399221302-1085130942-1105205786-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

09-04-2015 14:43:23 DirectX wurde installiert
10-04-2015 14:13:50 Windows Update
14-04-2015 07:57:40 Windows Update
14-04-2015 14:18:43 Installed Remote Control Server.
14-04-2015 15:00:13 Installed MorphVOX Pro
14-04-2015 15:34:35 Installed Creatures of Darkness
14-04-2015 15:35:20 Installed Deep Space Voices
14-04-2015 15:36:14 Installed Female Voice Pack
14-04-2015 15:36:58 Installed Sci-Fi Voice Pack
14-04-2015 15:37:47 Installed Spooky Sounds
14-04-2015 15:38:57 Installed Ancient Weapon Sounds
14-04-2015 15:40:29 Installed Blue Satin Skin
15-04-2015 08:56:04 Removed Blue Satin Skin
15-04-2015 09:00:36 Removed Deep Space Voices
15-04-2015 09:04:29 Removed Female Voice Pack
15-04-2015 09:05:22 Removed MorphVOX Pro
15-04-2015 09:07:53 Removed Remote Control Server.
15-04-2015 09:41:51 Removed Spooky Sounds
15-04-2015 09:43:05 Removed Sci-Fi Voice Pack

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06F8F7A2-A5FF-42CA-B363-FF89B4357C9B} - \{97620550-7AD6-43C4-9B64-7C7BC9F55F1A} No Task File <==== ATTENTION
Task: {0851DC4D-8C68-4A60-A0D5-C1613BCED171} - \{D4C421D4-F5FB-48A7-9BF2-142084EE4FEA} No Task File <==== ATTENTION
Task: {15616B49-269D-4AED-8AE0-ABACC72A1BEB} - \{BB346646-8460-4A6A-8385-378AF20AB49C} No Task File <==== ATTENTION
Task: {1F05F00D-E373-4DE0-9BBB-D9B82DB7E3C4} - System32\Tasks\Opera scheduled Autoupdate 1428153734 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {2420BDDB-CBC4-4D46-87B0-CCE568FEF1F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2EACDB39-EF02-4B1D-87C8-8919BA310E1F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {33BD46FE-79BA-43DD-952A-B1EBE0E2C174} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)
Task: {37868ED5-A782-4C79-BB32-0718324FA25E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {37A810AF-E426-4453-B228-C5F3E693B477} - \{920D6D43-2AEA-416A-AC86-9F3AF9B88376} No Task File <==== ATTENTION
Task: {4ABFBB17-5888-47B0-B4B1-146A3991D92B} - \{20503128-1861-454C-94FD-14D0B46FAF99} No Task File <==== ATTENTION
Task: {4D30BD59-6B84-4507-8332-34CCDC5EEEB4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2399221302-1085130942-1105205786-1001
Task: {4F9DA992-438C-40ED-AA8D-7AC9F1DCDFA8} - \{8D4E1323-0DAD-4625-B33A-B545E65E3A7A} No Task File <==== ATTENTION
Task: {5033F66D-BBB8-4BFA-BEDE-16F65262502E} - \{7F1008C0-6851-4DB5-B285-DCF8862D940C} No Task File <==== ATTENTION
Task: {5665030D-3375-4AC8-A157-197B3C547DEA} - \{454AD1E7-6BA2-49F6-BA0A-E8F65BE67228} No Task File <==== ATTENTION
Task: {5A0B1ACD-B23C-46E3-AA59-49F82298F3D3} - System32\Tasks\Driver Booster SkipUAC (karsten) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {5D447156-A55E-4473-AF74-BC51AE18D370} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {61DC6B12-D051-4DE7-9A35-A9D6565115E0} - \{7196DD32-832B-472B-80C1-2E21BDFFA13B} No Task File <==== ATTENTION
Task: {688532D0-4BE3-4725-82EB-221903A17363} - \{573D3449-1E43-4310-A81E-9E74D686D6EB} No Task File <==== ATTENTION
Task: {689B6418-97EB-469B-A04D-C312EE7C142E} - \{D67FB836-87B9-4E35-A019-B496DAF45C0C} No Task File <==== ATTENTION
Task: {6D173DD5-2F81-4CEB-9652-BEA1EB96238F} - System32\Tasks\AdobeAAMUpdater-1.0-karsten-PC-karsten => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {6D463B5E-5F29-429A-8D41-D1C65F060470} - System32\Tasks\Update\Windows => C:\Users\Administrator\AppData\Roaming\Winlogon.exe
Task: {6E8418B0-EB54-47C8-847A-AC1194246DAF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001UA => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-28] (Facebook Inc.)
Task: {73689B5B-3E64-43C5-A640-002BDB5E65BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {80722540-49EF-4C90-B440-093526396386} - \{90427E89-C8A5-4072-96EE-774EFAC3BA83} No Task File <==== ATTENTION
Task: {88362523-0CAB-4056-9930-50BA04D51695} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)
Task: {894FF966-4C6E-4AF5-8178-D3BFE9A8385E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated)
Task: {9173471A-C6DA-4284-832F-E99E410E243E} - \{5163C3E5-63C5-4495-B4AA-5419966FBBBF} No Task File <==== ATTENTION
Task: {9B3545D0-957C-43B2-AEC2-F87EE1DE372A} - \SmartDefrag_Startup No Task File <==== ATTENTION
Task: {AA96D98E-B3B7-40F1-98D0-AB0263F3586F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001Core => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-28] (Facebook Inc.)
Task: {ABEB59B5-AC0A-408A-A48B-E387FFD6FC65} - \{F1E8C321-63A0-484C-95B0-765F41AFB711} No Task File <==== ATTENTION
Task: {AFEB4AF5-D7EF-40CF-8F1E-31523FF9F37C} - \{6E93AD71-C22E-435D-B5FA-93D87244ACD8} No Task File <==== ATTENTION
Task: {B845CFC5-46E7-433E-8CA9-C97319D2C45E} - \{E84F4D91-D6D0-4366-B512-09F5D48FDC49} No Task File <==== ATTENTION
Task: {C0B73CCB-78FA-434F-B815-07F1444EE448} - \{43005882-BDF5-4A2F-9DC4-4112790601A5} No Task File <==== ATTENTION
Task: {C33D4862-D785-4E1F-8349-9BA3A4444E29} - \{9110898E-5912-4DD7-A2BE-AD879D3B38A3} No Task File <==== ATTENTION
Task: {C4C81ECE-2270-4B49-8B4B-7EC3783971BF} - \{5D9C3054-DF04-46E7-85FE-CE1984B2C4AF} No Task File <==== ATTENTION
Task: {C7293F5F-B1AB-4834-991A-E28F5E0BF8F7} - \{9DD0760A-9201-4D1B-B2DF-BA34C01DC649} No Task File <==== ATTENTION
Task: {CE1A460F-1729-4CFA-AC0A-8AA62057D712} - \SidebarExecute No Task File <==== ATTENTION
Task: {CEEC97F6-68E8-4BE1-99CB-73F00C79D6ED} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D1CFF53A-370D-45C7-9420-008EC7DE6CB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {D732F774-D275-48CB-BC29-0568B6F33D92} - \{F5E9DBFF-FF75-4AC4-B401-12DF05DF2296} No Task File <==== ATTENTION
Task: {DDBC4B6F-17CC-4842-8420-C02FC0055B89} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {E4339764-53AF-48EA-A486-8894CA00BF2C} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {E638D2DC-173D-42F3-87C4-23C0437E3737} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E7267170-18D5-418D-99EC-4A3CA62DA07B} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-07-09] ()
Task: {ECFEB51F-C61F-47B6-8233-BF100082337B} - \{FE17945D-4600-4AEB-9D5A-3D15DCBD397A} No Task File <==== ATTENTION
Task: {F7610585-9EB2-41DB-8CB4-16DB95A21205} - \SmartDefragUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001Core.job => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001UA.job => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-20 11:28 - 2009-05-18 14:40 - 00053760 _____ () C:\Windows\System32\LXEEPMON.DLL
2010-07-20 11:28 - 2009-01-13 15:15 - 04485120 _____ () C:\Windows\System32\LXEEOEM.DLL
2014-01-31 21:55 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2014-01-31 21:55 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-07-20 11:30 - 2009-11-04 09:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2013-08-13 14:04 - 2015-03-28 21:14 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-10 14:41 - 2015-03-30 10:57 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-11 20:55 - 2015-04-11 20:55 - 00484472 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\opera_crashreporter.exe
2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-04-11 20:55 - 2015-04-11 20:55 - 01488504 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\libglesv2.dll
2015-04-11 20:55 - 2015-04-11 20:55 - 00079992 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\libegl.dll
2015-04-11 20:55 - 2015-04-11 20:55 - 09625720 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Windows\system32\Drivers\bdqgfffr.sys:changelist
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5B8C10F3
AlternateDataStreams: C:\Users\karsten\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\karsten\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\karsten\AppData\Roaming:NT
AlternateDataStreams: C:\Users\karsten\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HideIPLaucherService => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: IceDragonUpdater => 2
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SafeBox => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UnsignedThemes => 2
MSCONFIG\Services: vToolbarUpdater17.2.0 => 2
MSCONFIG\Services: WindowsMangerProtect => 2
MSCONFIG\Services: WO_LiveService2 => 3
MSCONFIG\Services: Wpm => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AdFender.lnk => C:\Windows\pss\AdFender.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Task Monitor.lnk => C:\Windows\pss\Windows Task Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Grand Theft Auto V.rar.lnk => C:\Windows\pss\Grand Theft Auto V.rar.lnk.Startup
MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^464880c9d8c4a147af609f752aac5ce9.exe => C:\Windows\pss\464880c9d8c4a147af609f752aac5ce9.exe.Startup
MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^464880c9d8c4a147af609f752aac5ce9.exe.tmp => C:\Windows\pss\464880c9d8c4a147af609f752aac5ce9.exe.tmp.Startup
MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Metro Updater.exe => C:\Windows\pss\Metro Updater.exe.Startup
MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Run.lnk => C:\Windows\pss\Run.lnk.Startup
MSCONFIG\startupreg: 1 => 
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: Advanced SystemCare Ultimate => "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BackgroundSwitcher => "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: clicup-Agent => C:\Users\ADMINI~1\AppData\Local\Temp\clicup\clicup.exe
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: cmsc => "c:\program files (x86)\cmcm\Clean Master\cmtray.exe" -autorun
MSCONFIG\startupreg: ConduitFloatingPlugin_cfigonhgidedenkkhlilmefgodjpefna => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\karsten\AppData\Local\Temp\CT3317892\plugins\TBVerifier.dll",RunConduitFloatingPlugin cfigonhgidedenkkhlilmefgodjpefna
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Dxtory Update Checker 2.0 => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup
MSCONFIG\startupreg: EzPrint => 
MSCONFIG\startupreg: Facebook Update => "C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: File => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\karsten\AppData\Local\Temp\File5913484223273618412.jar"
MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Handy Updater => 
MSCONFIG\startupreg: HKCU => C:\Users\karsten\AppData\Roaming\install\server.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iLivid => "C:\Users\karsten\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: InetStat => "C:\Users\karsten\AppData\Roaming\InetStat\inetstat.exe" /c=14
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: javab => C:\Users\karsten\AppData\Local\Temp\MinecraftAdminForcer.exe
MSCONFIG\startupreg: Lexmark Pro700 Series => 
MSCONFIG\startupreg: LightShot => C:\Users\karsten\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: lxeemon.exe => 
MSCONFIG\startupreg: mbot_de_83 => "C:\Program Files (x86)\mbot_de_83\mbot_de_83.exe"
MSCONFIG\startupreg: Microsoft Windows Hosting Service => C:\Users\karsten\AppData\Local\Temp\csrss.exe
MSCONFIG\startupreg: MicroUpdate => C:\Users\Nico 2.0\Documents\MSDCSC\msdcsc.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\karsten\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: pdiface => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
MSCONFIG\startupreg: PWRISOVM.EXE => 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Remote Control Server => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: rundll32 => C:\Users\karsten\AppData\Local\Temp\MSDCSC\msdcsc.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\karsten\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\karsten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SunsetScreen => C:\Users\Administrator\Desktop\SunsetScreen\SunsetScreen.exe /hidewindow
MSCONFIG\startupreg: swg => 
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Tiny download manager => "C:\Users\karsten\AppData\Local\DM\TinyDM.exe" /M
MSCONFIG\startupreg: uTorrent => "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: UX Launcher => C:\Program Files (x86)\UX Pack\uxlaunch.exe
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe"
MSCONFIG\startupreg: Virtual Audio Streaming(Sound Card Switch) => "C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\VirtualAudioStreaming.exe" /minimized
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows => C:\Users\Administrator\AppData\Roaming\Winlogon.exe
MSCONFIG\startupreg: Winlogon => C:\Users\Administrator\AppData\Roaming\winlogon.exe
MSCONFIG\startupreg: winupdater => C:\Users\karsten\Documents\Windupdt\winupdate.exe
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly
MSCONFIG\startupreg: {517CC397-B22F-4593-8DCB-DE72CC541E9A} => "C:\Users\karsten\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe" /cmdloc "HKCU\Software\Riot Games  AiTemp\{517CC397-B22F-4593-8DCB-DE72CC541E9A}"

==================== Accounts: =============================

Administrator (S-1-5-21-2399221302-1085130942-1105205786-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-2399221302-1085130942-1105205786-1008 - Limited - Enabled)
biBa (S-1-5-21-2399221302-1085130942-1105205786-1011 - Administrator - Enabled) => C:\Users\biBa
braunebauch (S-1-5-21-2399221302-1085130942-1105205786-1012 - Limited - Enabled) => C:\Users\braunebauch
Gast (S-1-5-21-2399221302-1085130942-1105205786-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2399221302-1085130942-1105205786-1003 - Limited - Enabled)
karsten (S-1-5-21-2399221302-1085130942-1105205786-1001 - Administrator - Enabled) => C:\Users\karsten

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MpKslaf5d7170
Description: MpKslaf5d7170
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslaf5d7170
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Anchorfree HSS VPN Adapter #2
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Android Composite ADB Interface
Description: Android Composite ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}
Manufacturer: Google, Inc.
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/15/2015 11:47:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/15/2015 11:45:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/15/2015 11:43:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/15/2015 11:41:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/15/2015 11:40:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/15/2015 11:38:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/15/2015 11:38:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (04/15/2015 11:38:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (04/15/2015 11:38:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (04/15/2015 11:38:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Phenom(tm) 9650 Quad-Core Processor
Percentage of memory in use: 49%
Total physical RAM: 3070.55 MB
Available physical RAM: 1555.21 MB
Total Pagefile: 6139.29 MB
Available Pagefile: 3803.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:305.99 GB) (Free:78.42 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.09 GB) (Free:83.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 76FF2B4E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=306 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
There are also two csrss.exe entries in Task Manager, which normally shouldn't be the case.

Then there is an MpCmdRun.exe and also a few other .exe files that I don't recognize.

When I open the file location of these files, I end up in a folder.
When I then try to delete the file, I get: You require permission from TrustedInstaller to make changes to this file.

And TrustedInstaller keeps reopening as soon as I close it with Task Manager.
__________________

15.04.2015, 19:30   #4
schrauber
/// the machine
/// TB trainer
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.04.2015, 15:16   #5
SynDic4Te
 



I'd also like to add that TrustedInstaller.exe takes up 100 MB in Task Manager and one svchost.exe 740 MB, sometimes 900 MB, and with my 3 GB of RAM that is quite a lot. It was never like this before; I just don't understand why..



Code:
ComboFix 15-04-16.01 - Administrator 16.04.2015  15:42:28.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1630 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\program files (x86)\lol
c:\program files (x86)\lol\.wLib.dll
c:\program files (x86)\lol\7-zip.dll
c:\program files (x86)\lol\7z.dll
c:\program files (x86)\lol\7z.exe
c:\program files (x86)\lol\allfiles.ini
c:\program files (x86)\lol\backup\rads\projects\lol_game_client\filearchives\0.0.0.188\archive_2.raf\data\menu\textures\hudatlas.tga
c:\program files (x86)\lol\Be.Windows.Forms.HexBox.dll
c:\program files (x86)\lol\ColorSlider.dll
c:\program files (x86)\lol\DevIL.dll
c:\program files (x86)\lol\dxtVersion.ini
c:\program files (x86)\lol\fsb\ext.bat
c:\program files (x86)\lol\fsb\fsbext.exe
c:\program files (x86)\lol\fsb\map.bat
c:\program files (x86)\lol\fsb\reb.bat
c:\program files (x86)\lol\Global Info.dll
c:\program files (x86)\lol\icons\aatrox_square_0.png
c:\program files (x86)\lol\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\lol\ILU.dll
c:\program files (x86)\lol\Ionic.Zip.dll
c:\program files (x86)\lol\LeagueOfLegendsSkinInstallerLeagueCraftIntegration.user.js
c:\program files (x86)\lol\LGGSIU1.bmp
c:\program files (x86)\lol\LGGSIU2.png
c:\program files (x86)\lol\License - 7zip.txt
c:\program files (x86)\lol\License - Be.HexBox.txt
c:\program files (x86)\lol\License - ColorSlider.txt
c:\program files (x86)\lol\License - Devil.txt
c:\program files (x86)\lol\License - Iconic Zip.txt
c:\program files (x86)\lol\License - ICSharpCode.txt
c:\program files (x86)\lol\License - LoLViewer.txt
c:\program files (x86)\lol\License - MessageForm.txt
c:\program files (x86)\lol\License - NantGoogleCode.txt
c:\program files (x86)\lol\License - nvidia texture tools.txt
c:\program files (x86)\lol\License - nvidia.txt
c:\program files (x86)\lol\License - OpenTK.txt
c:\program files (x86)\lol\License - Skin Installer Ultimate.txt
c:\program files (x86)\lol\License - SqLite.txt
c:\program files (x86)\lol\License - Tao.txt
c:\program files (x86)\lol\License - zlib.txt
c:\program files (x86)\lol\LoL Skin Installer.settings
c:\program files (x86)\lol\LolModIcon.ico
c:\program files (x86)\lol\LOLViewer.exe
c:\program files (x86)\lol\MessageForm.dll
c:\program files (x86)\lol\nocompress.txt
c:\program files (x86)\lol\nvddsinfo.exe
c:\program files (x86)\lol\nvdxt.exe
c:\program files (x86)\lol\OpenTK.Compatibility.dll
c:\program files (x86)\lol\OpenTK.dll
c:\program files (x86)\lol\OpenTK.GLControl.dll
c:\program files (x86)\lol\ParticleReferenceForSIU.exe
c:\program files (x86)\lol\RAF_Unpack_v1.00.exe
c:\program files (x86)\lol\RAFLib.dll
c:\program files (x86)\lol\README Credits Info Instructions and License and change log.txt
c:\program files (x86)\lol\RelManLib.dll
c:\program files (x86)\lol\sai.exe
c:\program files (x86)\lol\SIU-Updater.exe
c:\program files (x86)\lol\Skin Installer Ultimate.exe
c:\program files (x86)\lol\Skin Installer Ultimate.exe.config
c:\program files (x86)\lol\skins.db
c:\program files (x86)\lol\skins\4123\rads\projects\lol_game_client\filearchives\0.0.0.188\archive_2.raf\data\menu\textures\hudatlas.tga
c:\program files (x86)\lol\skins\Bunny\rads\projects\lol_game_client\filearchives\0.0.0.188\archive_2.raf\data\menu\textures\hudatlas.tga
c:\program files (x86)\lol\System.Data.SQLite.dll
c:\program files (x86)\lol\Tao.DevIl.dll
c:\program files (x86)\lol\TextEditor.exe
c:\program files (x86)\lol\wLib.dll
c:\program files (x86)\lol\YuixyIcon.ico
c:\program files (x86)\lol\zlib.net.dll
c:\programdata\1429107363.bdinstall.bin
c:\users\karsten\Documents\Windupdt
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\MSDCSC
c:\windows\SysWow64\networkdlllsp.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Legacy_NPF
-------\Service_Run
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-16 bis 2015-04-16  ))))))))))))))))))))))))))))))
.
.
2015-04-16 13:58 . 2015-04-16 13:58	--------	d-----w-	c:\users\Nico 2.0\AppData\Local\temp
2015-04-16 13:58 . 2015-04-16 13:58	--------	d-----w-	c:\users\karsten\AppData\Local\temp
2015-04-16 13:58 . 2015-04-16 13:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-16 13:58 . 2015-04-16 13:58	--------	d-----w-	c:\users\braunebauch\AppData\Local\temp
2015-04-16 13:58 . 2015-04-16 13:58	--------	d-----w-	c:\users\biBa\AppData\Local\temp
2015-04-15 20:43 . 2015-04-15 20:43	--------	d-----w-	c:\users\biBa\ROCCAT
2015-04-15 14:07 . 2015-04-15 14:07	84848	----a-w-	c:\windows\system32\bdsandboxuiskin.dll
2015-04-15 13:35 . 2015-04-15 13:35	--------	d-----w-	c:\programdata\BDLogging
2015-04-15 13:27 . 2015-04-15 14:21	--------	d-----w-	c:\program files\Common Files\Bitdefender
2015-04-15 13:08 . 2015-04-15 13:08	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2015-04-15 12:49 . 2015-04-15 14:24	--------	d-----w-	c:\program files\Bitdefender
2015-04-15 12:49 . 2015-04-15 12:49	--------	d-----w-	c:\users\Administrator\AppData\Roaming\QuickScan
2015-04-15 12:29 . 2015-04-15 12:29	--------	d-----w-	c:\program files (x86)\MoonTools
2015-04-15 09:45 . 2015-04-15 09:47	--------	d-----w-	C:\FRST
2015-04-15 09:22 . 2015-04-15 09:22	--------	d-----w-	C:\RegBackup
2015-04-14 13:41 . 2015-04-14 13:41	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Screaming Bee
2015-04-14 13:34 . 2015-04-14 13:34	--------	d-----w-	c:\program files (x86)\Screaming Bee LLC
2015-04-14 12:42 . 2015-04-14 12:42	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Remote Control Server
2015-04-14 05:59 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9A36CD5-796E-43A8-9520-86EBB8E48A5C}\mpengine.dll
2015-04-10 16:06 . 2015-04-12 08:57	--------	d-----w-	c:\programdata\{dab5c1c1-de22-4a32-dab5-5c1c1de20707}
2015-04-06 15:43 . 2015-04-06 15:43	--------	d-----w-	c:\users\Administrator\Tracing
2015-04-04 23:44 . 2015-04-04 23:44	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-04 23:44 . 2015-04-04 23:44	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 13:53 . 2015-04-04 13:53	--------	d-----w-	c:\program files\Easy 7-Zip
2015-04-04 13:31 . 2015-04-04 13:41	44492800	----a-w-	c:\program files (x86)\GUT50C2.tmp
2015-04-04 13:31 . 2015-04-04 13:31	--------	d-----w-	c:\program files (x86)\GUM50A2.tmp
2015-04-04 13:22 . 2015-04-12 09:03	--------	d-----w-	c:\program files (x86)\Opera
2015-04-03 18:56 . 2015-04-03 18:57	--------	d-----w-	c:\program files (x86)\TeamViewer
2015-04-03 10:07 . 2015-04-03 10:07	--------	d-----w-	c:\users\braunebauch\AppData\Local\Mozilla
2015-03-31 22:47 . 2015-03-31 22:47	--------	d-----w-	c:\users\Administrator\AppData\Local\Aviator
2015-03-31 22:47 . 2015-04-04 13:46	--------	d-----w-	c:\program files (x86)\Whitehat
2015-03-31 22:43 . 2015-03-31 22:43	--------	d-----w-	c:\program files\Waterfox
2015-03-31 20:15 . 2015-03-31 20:16	--------	d-----w-	c:\program files (x86)\Hi-Rez Studios
2015-03-29 14:00 . 2015-03-29 16:09	--------	d-----w-	c:\program files (x86)\R.G. Games
2015-03-27 23:54 . 2015-03-28 00:10	--------	d-----w-	c:\program files (x86)\Hazard Ops
2015-03-27 23:40 . 2015-03-27 23:52	--------	d-----w-	C:\Hazard Ops
2015-03-27 15:53 . 2015-03-27 15:55	--------	d-----w-	c:\programdata\DivX
2015-03-26 21:12 . 2015-03-26 21:14	--------	d-----w-	c:\programdata\Package Cache
2015-03-25 16:17 . 2015-03-11 04:06	677888	----a-w-	c:\windows\system32\generaltel.dll
2015-03-25 16:17 . 2015-03-11 04:06	760832	----a-w-	c:\windows\system32\invagent.dll
2015-03-25 16:17 . 2015-03-11 04:06	414720	----a-w-	c:\windows\system32\devinv.dll
2015-03-25 16:17 . 2015-03-11 04:06	943616	----a-w-	c:\windows\system32\appraiser.dll
2015-03-25 16:17 . 2015-03-11 04:05	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-25 16:17 . 2015-03-11 04:05	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-25 16:17 . 2015-03-11 04:05	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-25 16:17 . 2015-03-11 04:02	1107456	----a-w-	c:\windows\system32\aeinv.dll
2015-03-23 14:59 . 2015-03-23 15:29	6103040	----a-w-	c:\program files (x86)\GUT7F40.tmp
2015-03-23 14:59 . 2015-03-23 14:59	--------	d-----w-	c:\program files (x86)\GUM7F3F.tmp
2015-03-21 16:29 . 2015-03-21 20:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\DMCache
2015-03-21 16:29 . 2015-03-21 19:07	--------	d-----w-	c:\users\Administrator\AppData\Roaming\IDM
2015-03-21 16:29 . 2015-03-21 16:29	--------	d-----w-	c:\programdata\IDM
2015-03-21 16:29 . 2015-03-22 09:45	--------	d-----w-	c:\program files (x86)\Internet Download Manager
2015-03-20 16:14 . 2015-03-20 16:14	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Telegram Desktop
2015-03-19 03:08 . 2015-03-19 02:27	191960	----a-w-	c:\windows\system32\drivers\idmwfp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 14:07 . 2013-12-09 21:46	74000	----a-w-	c:\windows\system32\bdsandboxuiskin32.dll
2015-04-15 14:07 . 2013-12-09 21:46	33360	----a-w-	c:\windows\system32\bdsandboxuh.dll
2015-04-15 10:52 . 2015-03-07 10:53	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-15 10:51 . 2015-03-07 10:52	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-04 13:31 . 2013-07-13 01:14	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-04 13:31 . 2011-08-07 01:35	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-28 20:01 . 2014-07-27 14:38	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-03-28 20:01 . 2013-07-29 06:52	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-03-28 19:59 . 2014-07-27 14:38	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-03-28 19:14 . 2013-08-13 12:04	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2015-03-20 19:35 . 2014-06-02 12:17	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-03-20 19:34 . 2014-06-02 12:13	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-17 05:15 . 2015-03-07 10:52	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-03-17 05:15 . 2015-03-07 10:52	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-11 20:58 . 2009-10-22 15:36	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 11:17	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-11 11:17	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-11 11:17	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 11:17	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 11:17	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 11:17	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 11:17	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 11:17	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 11:17	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 11:17	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 11:17	728064	----a-w-	c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 11:17	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 11:17	22016	----a-w-	c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 11:17	31232	----a-w-	c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 11:17	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 11:17	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 11:17	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 11:17	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 11:17	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 11:17	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 11:17	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 11:17	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 11:17	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 11:17	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 11:17	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 11:17	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 11:17	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 11:17	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 11:17	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 11:17	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 11:17	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-11 11:17	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 03:17 . 2009-10-22 15:56	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-24 03:15 . 2015-03-11 11:16	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 11:16	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 11:16	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 11:18	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 11:18	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 11:18	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 11:18	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 11:18	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 11:18	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 11:18	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 11:18	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 11:18	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 11:18	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 11:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 11:16	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 11:16	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 11:17	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 11:16	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 11:16	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 11:16	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 11:16	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 11:17	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 11:16	633856	----a-w-	c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 11:16	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 11:17	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 11:16	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 11:16	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 11:16	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 11:17	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 11:16	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 11:17	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 11:16	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 11:16	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 11:16	199680	----a-w-	c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 11:17	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 11:17	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 11:16	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 11:16	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 11:16	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 11:17	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 11:16	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 11:16	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 11:16	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 11:16	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 11:17	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 11:16	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 11:16	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 11:16	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 11:16	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 11:16	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 11:16	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 11:16	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2009-12-06 17:18	26624	--sh--w-	c:\windows\bfcs2.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="c:\program files (x86)\puush\puush.exe" [2015-03-30 568904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]
"Arvo"="c:\program files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" [2010-04-01 582144]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-11-16 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-10 2561848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0??í??????????????1
.
R1 alnbpfpe;alnbpfpe; [x]
R1 MpKslaf5d7170;MpKslaf5d7170; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveTuner2PM;Ashampoo LiveTuner 2 Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys;c:\windows\SYSNATIVE\DRIVERS\camfilt2.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\programme (x86)\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;d:\programme (x86)\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 OM0530;Hercules Deluxe Webcam;c:\windows\system32\Drivers\ov530vx.sys;c:\windows\SYSNATIVE\Drivers\ov530vx.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]
R3 X6va019;X6va019;c:\windows\SysWOW64\Drivers\X6va019;c:\windows\SysWOW64\Drivers\X6va019 [x]
R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
R4 BAVS;BAVSdienst.exe;cmd.exe /k c:\windows\SysWOW64\BAVS\BAVSdienst.exe;cmd.exe /k c:\windows\SysWOW64\BAVS\BAVSdienst.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 HideIPLaucherService;HideIPLaucherService;c:\program files (x86)\Hide ALL IP\LauncherService.exe;c:\program files (x86)\Hide ALL IP\LauncherService.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
R4 WO_LiveService2;Ashampoo LiveTuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 cmcore;Clean Master Core Service;c:\program files (x86)\cmcm\Clean Master\cmcore.exe;c:\program files (x86)\cmcm\Clean Master\cmcore.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys;c:\windows\SYSNATIVE\drivers\ArvoFltr.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13 13:31]
.
2015-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001Core.job
- c:\users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-27 14:35]
.
2015-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001UA.job
- c:\users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-27 14:35]
.
2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 02:32]
.
2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 02:32]
.
2015-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23 14:57]
.
2015-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23 14:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24282.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
AddRemove-CINEMA 4D R14 - c:\program files\MAXON\CINEMA 4D R14\Uninstall.exe
AddRemove-PROPLUS - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-{4209F371-8D72-8119-66FA-897D2D41E27F}_is1 - c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\unins000.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va017]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va019]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va019"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va021]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va022]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,dd,f5,41,78,e6,61,4d,ab,02,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,dd,f5,41,78,e6,61,4d,ab,02,a3,\
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,b5,3d,cb,a0,e7,2c,4a,85,7e,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,b5,3d,cb,a0,e7,2c,4a,85,7e,76,\
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ggm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\7zFM.exe"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jarfile"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.png.16.4"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Photoshop.Image.15"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\IExplore.exe"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\SecuROM\License information*]
"datasecu"=hex:f7,59,20,dd,47,ef,0d,28,50,d6,a9,b6,c0,27,3c,25,11,4f,a8,aa,8d,
   a1,84,74,31,19,a9,16,98,be,d4,64,62,50,b9,80,4d,89,99,01,ab,45,d2,f3,a2,49,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-16  16:12:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-16 14:12
.
Vor Suchlauf: 28 Verzeichnis(se), 88.909.987.840 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 89.099.259.904 Bytes frei
.
- - End Of File - - F4159CAB1D569BE701886D0497554029
A36C5E4F47E84449FF07ED3517B43A31
         


16.04.2015, 21:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.