Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.05.2015, 20:17   #1
OvSilver
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Hallo,

als ich vor wenigen Minuten mit MBAM einen Bedrohungssuchlauf durchgeführt habe hat das Programm die Datei pi.exe als Troianer angegeben. Außerdem ist mir in letzter Zeit aufgefallen, dass Chrome oft ohne Vorwarnung abstürzt... Gleichzeitig änderte sich dann immer das Aero Design zu Standart mit der Begründung, dass zu wenig RAM zur Verfügung stehe, was jedoch bei 16 GB und einer durchschnittlichen Nutzung von 5 GB nicht der Fall sein kann.

Vielen Dank schon mal im Voraus

Gruß Nick

PS: hier noch der LOG von MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.05.2015
Suchlauf-Zeit: 20:20:46
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.27.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nick

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 403084
Verstrichene Zeit: 29 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility.exe, 4960, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1]
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility.exe, 5832, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1]

Module: 1
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility32.dll, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1], 

Registrierungsschlüssel: 1
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SecurityUtility, In Quarantäne, [dac6c6d2573358de759c5d7c18eb4fb1], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 1
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\SecurityUtility\SecurityUtility32.dll , Gut: (), Schlecht: (C:\ProgramData\SecurityUtility\SecurityUtility32.dll),Ersetzt,[dac6c6d2573358de759c5d7c18eb4fb1]

Ordner: 1
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1], 

Dateien: 6
Trojan.Agent, C:\Users\Nick\AppData\Local\Temp\pi.exe, In Quarantäne, [9b05c4d490fad75f786bfd8ba163de22], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\NSISHelper.dll, In Quarantäne, [dac6c6d2573358de759c5d7c18eb4fb1], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility.exe, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtility32.dll, Löschen bei Neustart, [dac6c6d2573358de759c5d7c18eb4fb1], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SoftConfigTest.exe, In Quarantäne, [dac6c6d2573358de759c5d7c18eb4fb1], 
PUP.Optional.ASK.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ({"extensions":{"settings":{"aaaaaiabcopkplhgaedhbloeejhhankf":{"ack_prompt_count":2,"active_permissions":{"api":["homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/","*://*.bagsbuy.com/*","*://*.childrenschorus.org/*","*://*.csaa.com/*","*://*.facebook.com/*","*://*.mercurynews.com/*","*://*.usnews.com/*","*://*.wikipedia.org/*","*://*/*"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13067024670815708","lastpingday":"13066992006741698","location":6,"manifest":{"background":{"page":"background/background.html"},"browser_action":{"default_icon":"config/skin/images/logo/logo_19x.png","default_popup":"config/skin/chrome-options.html","default_title":"Control the Ask Search App"},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp","search_provider":{"alternate_urls":[],"encoding":"UTF-8","favicon_url":"hxxp://apnstatic.ask.com/static/images/favicon.ico","image_url":"hxxp://www.search.ask.com/pictures?q={searchTerms}","image_url_post_params":"","instant_url":"hxxp://www.search.ask.com/web?q={searchTerms}","instant_url_post_params":"","is_default":true,"keyword":"search.ask.com","name":"Ask Search","search_url":"hxxp://www.search.ask.com/web?q={searchTerms}","search_url_post_params":"","suggest_url":"hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}","suggest_url_post_params":""},"startup_pages":["hxxp://www.search.ask.com/?gct=hp"]},"chrome_url_overrides":{"newtab":"newtab/newtab.html"},"content_scripts":[{"all_frames":true,"js":["lib/constant.js","lib/default-config.js","config/tb-config.js","lib/protocol.js","lib/tb-message.js","lib/widget-messaging.js","content_script/inline-html.js"],"matches":["*://*/*"],"run_at":"document_end"},{"js":["lib/jquery.js","lib/constant.js","lib/default-config.js","config/tb-config.js","config/widget-config.js","lib/protocol.js","lib/tb-message.js","lib/state-machine.js","lib/async-gate.js","lib/window-position.js","lib/DataStore.js","lib/logger.js","lib/tb-config-update.js","content_script/positioning.js","content_script/toolbar.js","content_script/widget.js","content_script/injector.js"],"matches":["*://*/*"],"run_at":"document_start"},{"css":["content_script/hack/facebook.css"],"matches":["*://*.facebook.com/*"]},{"css":["content_script/hack/relative.css"],"matches":["*://*.ask.com/","*://*.bagsbuy.com/*","*://*.csaa.com/*","*://*.childrenschorus.org/*","*://*.wikipedia.org/*","*://*.mercurynews.com/*","*://*.usnews.com/*"],"run_at":"document_start"}],"description":"Convenient browsing tools and links. Disabling this extension won't uninstall the associated program; for instructions: help.ask.com","icons":{},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF6A4+sLzkdmU56W7P0WN8dSdeN1ojg45/uzc8F+YxugTnRn3EHgxej7qwvOpOcAQBizphzWRvHs2rbmtXSii8xBUss5UZg9pQuHIK588mabsZxIJr18Oo2F8zhJP1kLlI6SrXkK/n3FpFQX71R0RGg8RQyyyv7sXdOE7cCe6JoQIDAQAB","manifest_version":2,"name":"Search App By Ask v2","permissions":["management","nativeMessaging","tabs","storage","hxxp://*/*","https://*/*","webRequest","webRequestBlocking"],"update_url":"https://clients2.google.com/service/update2/crx","version":"55.11","web_accessible_resources":["config/skin/css/containers.css","config/skin/toolbar.html","widgets/search-suggestion/search-suggestion.html","widgets/options/options.html","widgets/templates/feed.html","widgets/templates/menu.html","config/skin/widgets/SPE-options/options.html"]},"path":"aaaaaiabcopkplhgaedhbloeejhhankf\\55.11_0","preferences":{},"regular_only_preferences":{},"state":2,"was_installed_by_default":false,"was_installed_by_oem":false},"abkhhgjpfcnmmpmhghohpfkcgoineebk":{"active_bit":false,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"zm","blacklist_state":3,"creation_flags":9,"disable_reasons":512,"events":[],"from_bookmark":false,"from_webstore":true,"install_time":"13015610995969439","last_active_pingday":"13015666799531781","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://cloudygame.com/#play/doodle-jump-deluxe-flash-hd/46"},"urls":["hxxp://cloudygame.com/#play/doodle-jump-deluxe-flash-hd/46"]},"current_locale":"de","default_locale":"en","description":"Der weltberühmte Doodle Jump ist jetzt hier. Können Sie schlagen die besten Noten?","icons":{"128":"icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu4zicklCnUWhFSSp2Nz0fGejMU3lCmdOdAqwsWXiGFW0Dtp1Bs5W7F71NrYXuN7B9dxTa2+8SjAOn3uCrQPs/PC3vMHgpgTcya42zvQA58BNU80RZjN1tUfVS4SJNcjj37TBZ58HeyubA4t73Yc4VlAYhejwDX1/3nPaVMvEhRwIDAQAB","manifest_version":2,"name":"Doodle Jump Deluxe Flash HD ","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"1.6"},"page_ordinal":"n","path":"abkhhgjpfcnmmpmhghohpfkcgoineebk\\1.6_0","state":0,"was_installed_by_default":false},"ahfgeienlihckogmohjhadlkjgocpleb":{"active_bit":true,"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"n","commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13014039086886869","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Chrome Web Store","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Store","permissions":["webstorePrivate","management"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\web_store","was_installed_by_default":false},"aohghmighlieiainnegkcijnfilokake":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"exclude_from_sideload_wipeout":true,"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13067641259939867","lastpingday":"13077183600296718","location":1,"manifest":{"api_console_project_id":"619683526622","app":{"launch":{"local_path":"main.html"}},"container":"GOOGLE_DRIVE","current_locale":"de","default_locale":"en_US","description":"Dokumente erstellen und bearbeiten","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB","manifest_version":2,"name":"Google Docs","offline_enabled":true,"update_url":"https://clients2.google.com/service/update2/crx","version":"0.9"},"page_ordinal":"n","path":"aohghmighlieiainnegkcijnfilokake\\0.9_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true,"active_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13067641260593434","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"web_url":"https://drive.google.com/?usp=chrome_app"},"urls":["hxxp://docs.google.com/","hxxp://drive.google.com/","https://docs.google.com/","https://drive.google.com/"]},"background":{"allow_js_access":false},"current_locale":"de","default_locale":"en_US","description":"Google Drive: Alle Inhalte an einem Ort erstellen, teilen und speichern.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB","manifest_version":2,"name":"Google Drive","offline_enabled":true,"options_page":"https://drive.google.com/settings","permissions":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"update_url":"https://clients2.google.com/service/update2/crx","version":"6.4"},"page_ordinal":"n","path":"apdfllckaahabafndbhieahigkjlhalf\\6.4_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"bepbmhgboaologfdajaanbcjmnhjmhfn":{"disable_reasons":1,"state":0},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_bit":false,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"z","commands":{},"content_settings":[],"creation_flags":153,"events":[],"exclude_from_sideload_wipeout":true,"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13067641260260808","last_active_pingday":"13024738798034404","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/?feature=ytca"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"de","default_locale":"en","description":"Die beliebteste Online-Video-Community der Welt","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","manifest_version":2,"name":"YouTube","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.7"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"cfhdojbkjhnklbpkdaibdccddilifddb":{"active_permissions":{"api":["contextMenus","notifications","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["hxxp://*/*","https://*/*"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["contextMenus","notifications","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["hxxp://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["hxxp://*/*","https://*/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13070493971994612","lastpingday":"13077183600296718","location":1,"manifest":{"background":{"scripts":["ext/common.js","ext/background.js","lib/compat.js","lib/info.js","lib/io.js","lib/adblockplus.js","lib/punycode.js","lib/publicSuffixList.js","lib/sha1.js","lib/jsbn.js","lib/rsa.js","webrequest.js","messageResponder.js","popupBlocker.js","background.js"]},"browser_action":{"default_icon":{"19":"icons/abp-19.png","38":"icons/abp-38.png"},"default_popup":"popup.html","default_title":"Adblock Plus"},"content_scripts":[{"all_frames":true,"js":["ext/common.js","ext/content.js","include.preload.js"],"matches":["hxxp://*/*","https://*/*"],"run_at":"document_start"},{"all_frames":true,"js":["include.postload.js"],"matches":["hxxp://*/*","https://*/*"],"run_at":"document_end"}],"current_locale":"de","default_locale":"en_US","description":"Ein kostenloser Werbeblocker mit über 50 Mio Nutzern, der ALLE nervenden Werbeanzeigen, Malware- und Tracking-Angriffe blockiert.","icons":{"128":"icons/detailed/abp-128.png","16":"icons/abp-16.png","32":"icons/abp-32.png","48":"icons/detailed/abp-48.png","64":"icons/detailed/abp-64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxGWIIBRUVzQIXITqE6+js1FA24fsZC58G0fxcO1Duwfps+9gip5tedTziErKEpeAQVkgasdT4kk+b6Lw27yp3oysAj6zD9j+j4W+EMArTXqMIc6SMYD7Z8bPcwPb3tC1MUxMSpO6oOVpFE23UhKe91SYnrK92nHI2cmsor5elXQIDAQAB","manifest_version":2,"minimum_chrome_version":"28.0","name":"Adblock Plus","options_page":"options.html","permissions":["tabs","hxxp://*/*","https://*/*","contextMenus","webRequest","webRequestBlocking","webNavigation","unlimitedStorage","notifications"],"short_name":"Adblock Plus","update_url":"https://clients2.google.com/service/update2/crx","version":"1.8.12","web_accessible_resources":["block.html"]},"path":"cfhdojbkjhnklbpkdaibdccddilifddb\\1.8.12_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_bit":false,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"yn","commands":{},"content_settings":[],"creation_flags":153,"events":[],"exclude_from_sideload_wipeout":true,"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072136215421887","last_active_pingday":"13024220398764713","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"de","default_locale":"en","description":"Die schnellste Suche im Web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","manifest_version":2,"name":"Google-Suche","permissions":[],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.30"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.30_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"dnhpdliibojhegemfjheidglijccjfmc":{"active_permissions":{"api":["hotwordPrivate","tabs","webConnectable"],"explicit_host":["*://*.google.co.uk/*","*://*.google.com/*","*://*.google.de/*","*://*.google.fr/*","*://*.google.ru/*","chrome://newtab/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"ephemeral_app":false,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13054416685484770","location":5,"manifest":{"background":{"persistent":false,"scripts":["manager.js"]},"externally_connectable":{"matches":["*://*.google.com/*","*://*.google.ru/*","*://*.google.co.uk/*","*://*.google.fr/*","*://*.google.de/*","chrome://newtab/"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDagiQy1VGkO2CHJSjVh7eU5GtuBuOlg2/cTZt7203AcevqpcDd+65S2/yd9KAELYcU6pK8nHVGYBMI6s0u+0RgXfIJ0eFOlTlgfAQWHvg8ovHtJlFJd1COrOkbntD9+s9Jobr3ldmow87aZF1bVHUY4khVP56cZe6adlVw2wK31QIDAQAB","manifest_version":2,"minimum_chrome_version":"32","name":"hotword helper","permissions":["*://*.google.com/*","*://*.google.ru/*","*://*.google.co.uk/*","*://*.google.fr/*","*://*.google.de/*","chrome://newtab/","hotwordPrivate","tabs"],"version":"0.0.2.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\37.0.2062.103\\resources\\hotword_helper","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"api":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs"],"explicit_host":["chrome://favicon/*","chrome://resources/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13014039086886869","location":5,"manifest":{"chrome_url_overrides":{"bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","description":"Bookmark Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","manifest_version":2,"name":"Bookmark Manager","permissions":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs","chrome://favicon/","chrome://resources/"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\bookmark_manager","was_installed_by_default":false},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"api":[],"explicit_host":["chrome://settings-frame/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13014039086886869","location":5,"manifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":false,"icons":{"128":"settings_app_icon_128.png","16":"settings_app_icon_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-frame/"],"version":"0.2"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\settings_app","running":false,"was_installed_by_default":false},"flliilndjeohchalpbbcdekjklbdgfkk":{"active_permissions":{"api":["cookies","storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["chrome://favicon/*","hxxp://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["*://*/*"]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["cookies","storage","tabs","webNavigation","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["chrome://favicon/*","hxxp://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["*://*/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13077131217715949","lastpingday":"13077183600296718","location":1,"manifest":{"background":{"scripts":["js/bunches/background.js"]},"browser_action":{"default_icon":{"16":"img/avira_icon16.png","19":"img/avira_logo.png","24":"img/avira_icon24.png","32":"img/avira_icon32.png","38":"img/avira_logo.png"},"default_title":"Avira Browser Safety"},"content_scripts":[{"css":["css/content/content.css"],"js":["js/bunches/content.js"],"matches":["*://*/*"]},{"css":["css/content/search.css"],"js":["js/bunches/search.js"],"matches":["*://*/*"]},{"js":["js/bunches/content_start.js"],"matches":["*://*/*"],"run_at":"document_start"}],"content_security_policy":"script-src 'self' https://cdn.mxpnl.com hxxp://localhost:4000 https://localhost https://avira.com https://www.avira.com https://www.tt.avira.com; object-src 'self'","current_locale":"de","default_locale":"en","description":"Schützt Ihre Privatsphäre durch Blockieren von Online-Gefahren.","icons":{"128":"img/avira_icon128.png","16":"img/avira_icon16.png","48":"img/avira_icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl3UicGZTgzDr3crrsAxjwue3gjDfxGKIxaipQBP8smbkQ2GuKVO9nojCLRzdn7TkB+Xo60aTqHC2hQhby0MMyjAvgqjXR2cE+99PtB4Hpvf7k/EOO7VMT2ndm/lVM9cJUtNq3A7GUxTqmL78akNAxgjZK0n2onNqpmiVHxufCmq8tlU+5NtJkk6ioRATpjdsjAxqeuRyglwzx0cPVMpXg8fUXp2EhwFYsDevN6f+7Sm0QujCmjOy11yjlz8XfnX3ODVCwByureqJLuTJpw5SMOykz4LHmUwiIvPdOZXJ9eiduedncVqDMuPTMWwWpkD3uV95pnmFNKE/6GxIx2dhwIDAQAB","manifest_version":2,"name":"Avira Browserschutz","options_page":"html/top.html#settings/General","options_ui":{"chrome_style":true,"open_in_tab":true,"page":"html/top.html#settings/General"},"permissions":["tabs","storage","webNavigation","webRequest","webRequestBlocking","cookies","hxxp://*/*","https://*/*","chrome://favicon/"],"update_url":"https://clients2.google.com/service/update2/crx","version":"1.4.8","web_accessible_resources":["html/top.html","html/blocked.html","img/serp_info_safe.svg","img/serp_info_unsafe.svg","css/images/ui-bg_highlight-soft_100_eeeeee_1x100.png","img/absb-checks.png","img/absb-attention.png","img/absb-close.png"]},"path":"flliilndjeohchalpbbcdekjklbdgfkk\\1.4.8_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"gfdkimpbcpahaombhbimeihdjnejgicl":{"active_permissions":{"api":["feedbackPrivate"],"explicit_host":["chrome://resources/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["feedbackPrivate.onFeedbackRequested","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13029183391814621","location":5,"manifest":{"app":{"background":{"scripts":["js/event_handler.js"]},"content_security_policy":"default-src 'none'; script-src 'self' chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self'"},"description":"User feedback extension","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"32":"images/icon32.png","64":"images/icon64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMZElzFX2J1g1nRQ/8S3rg/1CjFyDltWOxQg+9M8aVgNVxbutEWFQz+oQzIP9BB67mJifULgiv12ToFKsae4NpEUR8sPZjiKDIHumc6pUdixOm8SJ5Rs16SMR6+VYxFUjlVW+5CA3IILptmNBxgpfyqoK0qRpBDIhGk1KDEZ4zqQIDAQAB","manifest_version":2,"name":"Feedback","permissions":["feedbackPrivate","chrome://resources/"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\31.0.1650.57\\resources\\feedback","running":false,"was_installed_by_default":false},"gmlllbghnfkpflemihljekbapjopfjik":{"ack_external":true,"active_permissions":{"api":["activeTab","bookmarks","bookmarkManagerPrivate","fileSystem","fileSystem.write","identity","identity.email","management","metricsPrivate","notifications","preferencesPrivate","storage","tabs","webConnectable"],"explicit_host":["*://*.google.com/*","chrome://favicon/*"],"manifest_permissions":[{"chrome_ui_overrides":true}]},"commands":{"_execute_page_action":{"suggested_key":"Ctrl+D","was_assigned":true}},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["activeTab","bookmarks","bookmarkManagerPrivate","fileSystem","fileSystem.write","identity","identity.email","management","metricsPrivate","notifications","preferencesPrivate","storage","tabs","webConnectable"],"explicit_host":["*://*.google.com/*","chrome://favicon/*"],"manifest_permissions":[{"chrome_ui_overrides":true}]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076852575451746","lastpingday":"13077183600296718","location":10,"manifest":{"background":{"persistent":true,"scripts":["bootstrap.js","background_compiled.js"]},"chrome_ui_overrides":{"bookmarks_ui":{"remove_bookmark_shortcut":true,"remove_button":true}},"chrome_url_overrides":{"bookmarks":"bookmarks.html"},"commands":{"_execute_page_action":{"description":"Stars popup","suggested_key":{"default":"Ctrl+D"}}},"content_security_policy":"script-src 'self' https://*.google.com https://*.gstatic.com; object-src 'self'","current_locale":"de","default_locale":"en","description":"Bookmark Manager","externally_connectable":{"matches":["*://*.google.com/*"]},"icons":{"16":"icons/bookmarks16.png","32":"icons/bookmarks32.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO1rEc7Du17LBzIOf1nXMC4JM4suAzgaswHRjJhaE4/fNIXxrTjqaDH5tpU7huX8RdVyuu3zggdP36mpqhLYNzCf9fgnvhZEGpsXYqedWXapQ4nrVca4Xg5SB8/K7oRS+dnMwwxYjED434qTyfiSiJoXVo7MXa+qBckMQ6Wf0t0QIDAQAB","manifest_version":2,"minimum_chrome_version":"42","name":"Bookmark Manager","oauth2":{"client_id":"610799782257-avhfi6rijk0n02t94linmllq54ool5kf.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/chromesync"]},"page_action":{"default_icon":{"19":"icons/collected19.png"},"default_title":"Star Page"},"permissions":["activeTab","bookmarks","bookmarkManagerPrivate","chrome://favicon/","identity","identity.email","management","metricsPrivate","notifications","preferencesPrivate","storage","tabs","*://*.google.com/*",{"fileSystem":["write"]}],"update_url":"https://clients2.google.com/service/update2/crx","version":"2.2015.506.11355"},"path":"gmlllbghnfkpflemihljekbapjopfjik\\2.2015.506.11355_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"iajlkcpgcnbhfhpdeooockfaincfkjjj":{"active_bit":false,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"zs","creation_flags":9,"events":[],"from_bookmark":false,"from_webstore":true,"install_time":"13022013577472964","last_active_pingday":"13016012400250961","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://www.isoball3game.com/"},"urls":["hxxp://www.isoball3game.com/"]},"current_locale":"de","default_locale":"en","description":"Isoball 3 enthält 75 neue Levels, um Ihre Fähigkeiten zu testen.","icons":{"128":"icon128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZ+jaUeIs+wUMAFCL0sMHsUXw2A3ynzVoBzs46LrDObSsQ3a1iN/fbAjOMFUye8TQKUHFttN7MRZFwW+6EvpyjCLNg4o+WRSfNkSx5WdIa8Q4JyR5hTWPDdbEqOFXCHVlGq0/JsWJMfJach1C/0feUlmn+0t0DKxTgYhirsifKdwIDAQAB","manifest_version":2,"name":"Isoball 3","update_url":"https://clients2.google.com/service/update2/crx","version":"1.4.0"},"page_ordinal":"n","path":"iajlkcpgcnbhfhpdeooockfaincfkjjj\\1.4.0_0","state":1,"was_installed_by_default":false},"kmendfapggjehodndflmmgagdbamhnfd":{"active_permissions":{"api":["cryptotokenPrivate","externally_connectable.all_urls","hid","tabs","u2fDevices","usb",{"usbDevices":[{"interfaceId":-1,"productId":529,"vendorId":4176}]},"webConnectable"],"explicit_host":["hxxp://*/*","https://*/*","https://www.gstatic.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076852539363587","location":5,"manifest":{"background":{"persistent":false,"scripts":["util.js","b64.js","sha256.js","countdown.js","countdowntimer.js","devicestatuscodes.js","approvedorigins.js","errorcodes.js","gnubbycodetypes.js","webrequest.js","gnubbymsgtypes.js","messagetypes.js","factoryregistry.js","closeable.js","requesthelper.js","webrequestsender.js","enroller.js","requestqueue.js","signer.js","origincheck.js","textfetcher.js","appid.js","watchdog.js","cryptotokenorigincheck.js","cryptotokenapprovedorigins.js","gnubbydevice.js","hidgnubbydevice.js","usbgnubbydevice.js","gnubbies.js","gnubby.js","gnubby-u2f.js","gnubbyfactory.js","singlesigner.js","multiplesigner.js","generichelper.js","inherits.js","individualattest.js","devicefactoryregistry.js","usbhelper.js","usbenrollhandler.js","usbsignhandler.js","usbgnubbyfactory.js","googlecorpindividualattest.js","cryptotokenbackground.js"]},"description":"CryptoToken Component Extension","externally_connectable":{"accepts_tls_channel_id":true,"ids":["fjajfjhkeibgmiggdfehjplbhmfkialk"],"matches":["\u003Call_urls>"]},"incognito":"split","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7zRobvA+AVlvNqkHSSVhh1sEWsHSqz4oR/XptkDe/Cz3+gW9ZGumZ20NCHjaac8j1iiesdigp8B1LJsd/2WWv2Dbnto4f8GrQ5MVphKyQ9WJHwejEHN2K4vzrTcwaXqv5BSTXwxlxS/mXCmXskTfryKTLuYrcHEWK8fCHb+0gvr8b/kvsi75A1aMmb6nUnFJvETmCkOCPNX5CHTdy634Ts/x0fLhRuPlahk63rdf7agxQv5viVjQFk+tbgv6aa9kdSd11Js/RZ9yZjrFgHOBWgP4jTBqud4+HUglrzu8qynFipyNRLCZsaxhm+NItTyNgesxLdxZcwOz56KD1Q4IQIDAQAB","manifest_version":2,"name":"CryptoTokenExtension","permissions":["hid","u2fDevices","usb","cryptotokenPrivate","externally_connectable.all_urls","tabs","https://*/*","hxxp://*/*",{"usbDevices":[{"productId":529,"vendorId":4176}]}],"version":"0.9.22"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\cryptotoken","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"lccekmodgklaepjeofjdjpbminllajkg":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076852580352879","lastpingday":"13077183600296718","location":10,"manifest":{"description":"Support files for Chrome Hotwording.","export":{"resources":["audio/*","_platform_specific/*","hotword_*.nmf"],"whitelist":["nbpagnldghgfoolbancepceaanlmhfmd"]},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxhwmnepSrtvEcatE9K4SxOUTy6U1LNpuaT3BNr12cuehQT5YAGeUcgeIMQmE0/h/EefU53TcjUEn9vgE8+aSZW0VirROE36hfcWpqyxf9jh0mPRluLIxCW+ObD/B5YoXj0kxTWIaDQqKYBJyo+QCRwef5hwfAoUoDggnYDRHHG4z3mfZJ4duY2H3ISEw4/tsvAm8SxCZm+W6laCV0AkJxO+s4bNNC0z0Y5+G3nw24uV8cdMnfQcFUWJncnwqDSTUp7vOZb570Wv02TD+qhpA2rlF0/ym6edXoKzapR4+SQQllDXZ0yLZ3GQ6uf7IsCufSoYPoIsmYExHrlZbgVkWwIDAQAB","manifest_version":2,"minimum_chrome_version":"39","name":"Chrome Hotword Shared Module","platforms":[{"lang":"de","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_de/"},{"lang":"de","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_de/"},{"lang":"de","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_de/"},{"lang":"en-AU","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_en-au/"},{"lang":"en-AU","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_en-au/"},{"lang":"en-AU","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_en-au/"},{"lang":"en-GB","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_en-gb/"},{"lang":"en-GB","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_en-gb/"},{"lang":"en-GB","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_en-gb/"},{"lang":"es","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_es/"},{"lang":"es","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_es/"},{"lang":"es","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_es/"},{"lang":"fr","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_fr/"},{"lang":"fr","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_fr/"},{"lang":"fr","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_fr/"},{"lang":"it","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_it/"},{"lang":"it","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_it/"},{"lang":"it","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_it/"},{"lang":"ja","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_ja/"},{"lang":"ja","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_ja/"},{"lang":"ja","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_ja/"},{"lang":"ko","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_ko/"},{"lang":"ko","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_ko/"},{"lang":"ko","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_ko/"},{"lang":"pt-BR","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_pt-br/"},{"lang":"pt-BR","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_pt-br/"},{"lang":"pt-BR","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_pt-br/"},{"lang":"ru","nacl_arch":"arm","sub_package_path":"_platform_specific/arm_ru/"},{"lang":"ru","nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_ru/"},{"lang":"ru","nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_ru/"},{"nacl_arch":"arm","sub_package_path":"_platform_specific/arm_/"},{"nacl_arch":"x86-32","sub_package_path":"_platform_specific/x86-32_/"},{"nacl_arch":"x86-64","sub_package_path":"_platform_specific/x86-64_/"}],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.3.0.5"},"path":"lccekmodgklaepjeofjdjpbminllajkg\\0.3.0.5_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13014039086886869","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\cloud_print","was_installed_by_default":false},"mfffpogegjflfpflabcdkioaeobkgjik":{"active_permissions":{"api":["webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13070753489795811","location":5,"manifest":{"background":{"scripts":["channel.js","background.js"]},"content_scripts":[{"all_frames":true,"js":["channel.js","saml_injected.js"],"matches":["\u003Call_urls>"],"run_at":"document_start"}],"content_security_policy":"default-src 'self'; script-src 'self'; frame-src *; style-src 'self' 'unsafe-inline'","description":"GAIA Component Extension","key":"MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC4L17nAfeTd6Xhtx96WhQ6DSr8KdHeQmfzgCkieKLCgUkWdwB9G1DCuh0EPMDn1MdtSwUAT7xE36APEzi0X/UpKjOVyX8tCC3aQcLoRAE0aJAvCcGwK7qIaQaczHmHKvPC2lrRdzSoMMTC5esvHX+ZqIBMi123FOL0dGW6OPKzIwIBIw==","manifest_version":2,"name":"GaiaAuthExtension","permissions":["\u003Call_urls>","webRequest","webRequestBlocking"],"version":"0.0.1","web_accessible_resources":["main.css","main.html","main.js","offline.css","offline.html","offline.js","success.html","success.js","util.js"]},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\41.0.2272.89\\resources\\gaia_auth","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13014039086886869","location":5,"manifest":{"app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.94\\resources\\chrome_app","was_installed_by_default":false},"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":[],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["chrome://print/*"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13073750509781239","location":5,"manifest":{"content_scripts":[{"js":["content_script.js"],"matches":["chrome://print/*"]}],"content_security_policy":"script-src 'self' chrome://resources; object-src *; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name":"Chrome PDF Viewer","offline_enabled":true,"permissions":["\u003Call_urls>"],"version":"1","web_accessible_resources":["index.html","index.html"]},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\pdf","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"nbpagnldghgfoolbancepceaanlmhfmd":{"active_permissions":{"api":["audioCapture","hotwordPrivate","idle","management","metricsPrivate","tabs","unlimitedStorage","webConnectable"],"explicit_host":["*://*.google.at/*","*://*.google.ca/*","*://*.google.co.jp/*","*://*.google.co.kr/*","*://*.google.co.nz/*","*://*.google.co.uk/*","*://*.google.co.za/*","*://*.google.com.au/*","*://*.google.com.br/*","*://*.google.com.mx/*","*://*.google.com/*","*://*.google.de/*","*://*.google.es/*","*://*.google.fr/*","*://*.google.it/*","*://*.google.ru/*","chrome://newtab/*","chrome://resources/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["hotwordPrivate.onDeleteSpeakerModel","hotwordPrivate.onEnabledChanged","hotwordPrivate.onSpeakerModelExists","management.onInstalled","runtime.onMessageExternal","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13073750509774866","location":5,"manifest":{"background":{"persistent":false,"scripts":["chrome://resources/js/cr.js","chrome://resources/js/util.js","chrome://resources/js/cr/event_target.js","constants.js","keep_alive.js","logging.js","metrics.js","nacl_manager.js","state_manager.js","base_session_manager.js","always_on_manager.js","launcher_manager.js","page_audio_manager.js","training_manager.js","manager.js"]},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","import":[{"id":"lccekmodgklaepjeofjdjpbminllajkg"}],"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbHXRPiq2De9EJ+4pvNN6uE/D2avxrqyLSpA/Hq3II+btkPl1gboY3oUPTfevpVOFa90Y1c1b3/W682dXqybT0klIvFLKhdQx0LiVqSUQyIaDrwOCSo/ZcukbEwDRojegWymCjHvX6WZk4kKZzTJYzY1vrp0TWKLhttEMN9KFmowIDAQAB","manifest_version":2,"minimum_chrome_version":"38","name":"Hotword triggering","permissions":["*://*.google.at/*","*://*.google.ca/*","*://*.google.com/*","*://*.google.com.au/*","*://*.google.com.mx/*","*://*.google.com.br/*","*://*.google.co.jp/*","*://*.google.co.kr/*","*://*.google.co.nz/*","*://*.google.co.uk/*","*://*.google.co.za/*","*://*.google.de/*","*://*.google.es/*","*://*.google.fr/*","*://*.google.it/*","*://*.google.ru/*","chrome://newtab/","chrome://resources/","audioCapture","hotwordPrivate","idle","management","metricsPrivate","tabs","unlimitedStorage"],"version":"0.0.1.4"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\hotword","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"neajdppkdcdipfabeoofebfddakdcjhd":{"active_permissions":{"api":["systemPrivate","ttsEngine"],"explicit_host":["https://www.google.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["ttsEngine.onPause","ttsEngine.onResume","ttsEngine.onSpeak","ttsEngine.onStop"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13037580481034096","location":5,"manifest":{"background":{"persistent":false,"scripts":["tts_extension.js"]},"description":"Component extension providing speech via the Google network text-to-speech service.","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GSbNUMGygqQTNDMFGIjZNcwXsHLzkNkHjWbuY37PbNdSDZ4VqlVjzbWqODSe+MjELdv5Keb51IdytnoGYXBMyqKmWpUrg+RnKvQ5ibWr4MW9pyIceOIdp9GrzC1WZGgTmZismYR3AjaIpufZ7xDdQQv+XrghPWCkdVqLN+qZDA1HU+DURznkMICiDDSH2sU0egm9UbWfS218bZqzKeQDiC3OnTPlaxcbJtKUuupIm5knjze3Wo9Ae9poTDMzKgchg0VlFCv3uqox+wlD8sjXBoyBCCK9HpImdVAF1a7jpdgiUHpPeV/26oYzM9/grltwNR3bzECQgSpyXp0eyoegwIDAQAB","manifest_version":2,"name":"Google Network Speech","permissions":["systemPrivate","ttsEngine","https://www.google.com/"],"tts_engine":{"voices":[{"event_types":["start","end","error"],"gender":"female","lang":"en-US","remote":true,"voice_name":"Google US English"},{"event_types":["start","end","error"],"gender":"male","lang":"en-GB","remote":true,"voice_name":"Google UK English Male"},{"event_types":["start","end","error"],"gender":"female","lang":"en-GB","remote":true,"voice_name":"Google UK English Female"},{"event_types":["start","end","error"],"gender":"female","lang":"es-ES","remote":true,"voice_name":"Google Español"},{"event_types":["start","end","error"],"gender":"female","lang":"fr-FR","remote":true,"voice_name":"Google Français"},{"event_types":["start","end","error"],"gender":"female","lang":"it-IT","remote":true,"voice_name":"Google Italiano"},{"event_types":["start","end","error"],"gender":"female","lang":"de-DE","remote":true,"voice_name":"Google Deutsch"},{"event_types":["start","end","error"],"gender":"female","lang":"ja-JP","remote":true,"voice_name":"Google æ?¥æ?¬äºº"},{"event_types":["start","end","error"],"gender":"female","lang":"ko-KR","remote":true,"voice_name":"Google í??êµ*ì?"},{"event_types":["start","end","error"],"gender":"female","lang":"zh-CN","remote":true,"voice_name":"Google ä¸*å?½ç??"}]},"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\33.0.1750.117\\resources\\network_speech_synthesis","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["alarms","desktopCapture","processes","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["alarms.onAlarm","runtime.onConnectExternal","runtime.onMessageExternal","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13034616784412756","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/hangouts*","*://localhost/*"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Hangout Services","permissions":["desktopCapture","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.76\\resources\\hangout_services","was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076110110912584","lastpingday":"13077183600296718","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"de","default_locale":"en","description":"Google Wallet für digitale Produkte","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Google Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","background","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/*","https://*.googleusercontent.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13046552160457787","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","all_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.114\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_bit":false,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"y","commands":{},"content_settings":[],"creation_flags":137,"events":[],"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072136215798799","last_active_pingday":"13022751599177161","lastpingday":"13077183600296718","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"de","default_locale":"en","description":"Schneller E-Mail-Dienst mit Suchfunktion und wenig Spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Google Mail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"SILVERSTow@gmail.com","username":"SILVERSTow@gmail.com"}},"homepage":"hxxp://www.google.com/","homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"9103D77B3A73F69508678747425CBB546C3C19A6154381AF68A62F0CF498A5C3"},"default_search_provider":{"keyword":"143550D0197722122EF3716B56A79623144A8FA4697D774AA628AA4EB5E1C11F","name":"D23FC78422D475E96D3C9DB05E223243BE2D6701DED648BF84384EA0D26CD8EB","search_url":"15F01E044534CD2F958A050C4391B5210D371CC6DA8371EA82A8470D98A0AFF7"},"default_search_provider_data":{"template_url_data":"21298A6AA20E9337EAD4FCAAA6A82E86328596413DFA2C5AD86885D0DD3021B1"},"extensions":{"settings":{"aaaaaiabcopkplhgaedhbloeejhhankf":"06A266779B7FE2767AA28C83301179834A042A644EDA6676EDE10B8DBE507C9C","abkhhgjpfcnmmpmhghohpfkcgoineebk":"79685660972D127BB6346B543AD094C9A4624F8C186830D73EE1F8FD79E16896","ahfgeienlihckogmohjhadlkjgocpleb":"50591D6842DF3E58954708599DAB518C30F68974D8430359E053E71870BE9305","aohghmighlieiainnegkcijnfilokake":"43AC3720DE60AF22F2DA0B25D15B8A54F318420F2C953093328FD5A2A8541CCA","apdfllckaahabafndbhieahigkjlhalf":"6BB502FF25755F234984934738AD89CCC60050358BE2A781F641D040204129C5","bepbmhgboaologfdajaanbcjmnhjmhfn":"6ED1346395F7B65D73116DE5B4E050E61F23B2D3D5FD7AD752D7274CBFEEA008","blpcfgokakmgnkcojhhkbfbldkacnbeo":"2630B6D956D80973C3C0D7DBA8F2F9F9061B451FE495DAFE8FFC48472BCA2D89","cfhdojbkjhnklbpkdaibdccddilifddb":"7F7127294728FF94975793CC3743D771D0C1356E30052337012A90E08F4B17E2","coobgpohoikkiipiblmjeljniedjpjpf":"6E36C3EC8C0A7FEEF7E22D11808B3EEAA36994EF2353A05F2454FAD6154DAB8F","dnhpdliibojhegemfjheidglijccjfmc":"85C19E162083F94B77FEF84A7B9681F63CB59E9AD83FA62207435C9B1356C543","eemcgdkfndhakfknompkggombfjjjeno":"45FC7CF26C7AF9E2AAEFF3784977C7D39BDBA7C752D934FD1A148B2D006FA296","ennkphjdgehloodpbhlhldgbnhmacadg":"86DB84D07EC9A832B1B6724EAE7F9C3DE70D1CE72037FFEC401F0B369A910166","flliilndjeohchalpbbcdekjklbdgfkk":"7310AFE93DFC308FACE3F1BD3EBBF58A51384AC1ED31CDCE4577663D5182F1D6","gfdkimpbcpahaombhbimeihdjnejgicl":"8611FB1BDDEB3FEB86009C15604CDCFDAD82DCEC36BB94FBA60DB70ADDDFBA0D","gmlllbghnfkpflemihljekbapjopfjik":"560990EF270B14DA160F6051699DA753084E7A9DC4936C161A670330361B32A6","iajlkcpgcnbhfhpdeooockfaincfkjjj":"5B2F529DD01756B8638408C8D87759409FC67DED8ABDF88D5D8965FEA91636EE","kmendfapggjehodndflmmgagdbamhnfd":"7C75A931BA52FBDE5EEA2ECA0C38FF2382AD355EAF7851250737212478F171F9","lccekmodgklaepjeofjdjpbminllajkg":"CF099F094353B20CB1141982136BDDD359793DC57FBDC626702044C05648FB79","mfehgcgbbipciphmccgaenjidiccnmng":"34EBCE467B274407A3AF7B7436F4569280A211EEC42F325C152F4BB755CA391B","mfffpogegjflfpflabcdkioaeobkgjik":"8AFFEFFF214DF930223DAC09AAB89C11C3B22E2FA7DC6E9607A3D1A7498DAA2B","mgndgikekgjfcpckkfioiadnlibdjbkf":"CC87C245C2BF72B27CB095A0A8BE7C6FEECEDA1E5C900AC75A2D298A7D8CFA52","mhjfbmdgcfjbbpaeojofohoefgiehjai":"DF4C33640C86E250520CEFC4FC85647327D29942D5731D5BB4AEC0251BBB2959","nbpagnldghgfoolbancepceaanlmhfmd":"2C987AF269DD5DE780FA54E8E93594409989E1479A8DD5058A798A546D4A1E56","neajdppkdcdipfabeoofebfddakdcjhd":"09FF33F7FBF6C263F8412935EA90954633965C5F274B0BAECF455AB9F2A84025","nkeimhogjdpnpccoofpliimaahmaaome":"CFDCBFE89FACB8BF08C635489F0C1185B940BB337C93AACCE4904985A5E065C6","nmmhkkegccagdldgiimedpiccmgmieda":"1718343795E27B6E75C3523F95FF030F92B5A58C66DDE5394F97A38B87519131","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7F18D45982FD82E4F6063B4D01513FF03D121D0A5F8A81D52290B93523F18E15","pjkljhegncpnkpknbcohdijeoejaedia":"F8DF9C49F9E3EAB51A5FAC6710403F68867771191FDB72BC6E67DDAC6584E47E"}},"google":{"services":{"last_username":"500606BD925BD910DDA4E63449FAB8EB0D7C49C86F3AC2295EF245EA88DD2351","username":"F02E7C361639FB39BA73DF19452592BA5A03BE18138EAB1D10AB716BD82A16D5"}},"homepage":"E6F5DEDCDC0FA8B42892CE2544BFB2A580E1E35049ED9D838C724127FFAFF055","homepage_is_newtabpage":"E8AE4931C80B9B24284BA616AA3B6289AB121D34CC61A7EA927E7FAD7E04AEA8","pinned_tabs":"AA023312B0F25B3DEED836537C589D01F06B0880E16A47790BDA45206A903788","prefs":{"preference_reset_time":"3BD6E0C6DDFB0D2A7DC53D0F1A3CD607748A18C97C5B69559AEDB5E527BEF29C"},"profile":{"reset_prompt_memento":"5C674EFE210A2EFA312B676E9DADD2BDC66931F8CE5445074A35418580D76BE9"},"safebrowsing":{"incidents_sent":"B4B7318EE85C590501F08E623222A4AEFA5175C7EB87200DEF5AF128E0F74272"},"search_provider_overrides":"5F89590B6FF63820205085C4FDBFFA76C657C27861E236AA1B45714B88E6481D","session":{"restore_on_startup":"DB3FD204FD3E341D48ECF9CEF2A0A8E81E8D4686AAB00C47BECA8D92BA2A5048","startup_urls":"5AEFD04382E3605F4BA3FB8F157040AFD0CA10F89EE7280687F493927EC341B2"},"software_reporter":{"prompt_reason":"513EF978BF4355EFF1561AF4A2FEE72A90F59A8B8B1B7B4A5A657EF5106C6D6F","prompt_seed":"D8876E72F2C162216C6DA2ABC23F7AD0C3044B1FDD90A3A5675BBF365FDAAC0C","prompt_version":"0274DC722574C55569CD30B26500E462EAF5229E8C05348A7A191EA1A7E55C93"},"sync":{"remaining_rollback_tries":"4937FCBAA8676699B47756A7E86EBDCC37839C362D952683E625440B7ACD14B8"}},"super_mac":"C0D412A589826BCBAFA234E66EE31E8928760CAF7A223475F94AC5D5962BC4A4"},"session":{"restore_on_startup":1,"startup_urls":["https://www.google.de/search?q=googler&rlz=2C1CHFX_deDE0537DE0537&oq=googler&aqs=chrome.0.69i57j5j0l2&sourceid=chrome&ie=UTF-8"]},"sync":{"remaining_rollback_tries":0}}), Ersetzt,[c9d71a7ed4b6ad891fc64e1fba4cc63a]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Alt 27.05.2015, 20:45   #2
Warlord711
/// TB-Ausbilder
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 28.05.2015, 18:13   #3
OvSilver
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nick at 2015-05-28 19:08:00
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2093199856-2832982660-2437927299-500 - Administrator - Disabled)
Gast (S-1-5-21-2093199856-2832982660-2437927299-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2093199856-2832982660-2437927299-1002 - Limited - Enabled)
Nick (S-1-5-21-2093199856-2832982660-2437927299-1000 - Administrator - Enabled) => C:\Users\Nick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version:  - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Back to Bed (HKLM-x32\...\Steam App 308040) (Version:  - Bedtime Digital Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Blender (HKLM\...\Blender) (Version: 2.67b - Blender Foundation)
Blobby Volley 2.0 Version 0.9b (HKLM-x32\...\Blobby Volley 2.0 Version 0.9b_is1) (Version:  - )
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
CodeBlocks (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deep Fritz 14 64-bit (HKLM\...\{678EE564-7768-4E8C-9EEA-35954C4FF423}) (Version: 14.0.0.0 - ChessBase)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die ersten 10 Jahre (HKLM-x32\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.1 - Daedalic Entertainment)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free DVD Video Converter version 2.0.21.806 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.21.806 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Harveys Neue Augen Demo (HKLM-x32\...\Harvey) (Version: 1.0 - Daedalic Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JStock (remove only) (HKLM-x32\...\JStock) (Version:  - )
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LIMBO (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Limbo) (Version:  - )
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector C++ 1.1.4 (HKLM\...\{1F5C1E97-AE40-4EE7-9959-3D8038B6EAC8}) (Version: 1.1.4 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9779CE68-28F8-4E19-A70C-48BEA184C656}) (Version: 5.1.33 - Oracle Corporation)
MySQL Connector Net 6.9.3 (HKLM-x32\...\{74857B00-8FC2-4E98-83C3-31CA77FDDA95}) (Version: 6.9.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{4E2AAB30-1E42-4ACA-B1A9-3AE8629D0C89}) (Version: 6.1.5 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)
MySQL Documents 5.5 (HKLM-x32\...\{BCF64211-43D1-4152-A152-7E30D0D7570D}) (Version: 5.5.40 - Oracle Corporation)
MySQL Examples and Samples 5.5 (HKLM-x32\...\{33A3D172-0E98-4D16-80DD-9CB3D4AC814D}) (Version: 5.5.40 - Oracle Corporation)
MySQL For Excel 1.3.2 (HKLM-x32\...\{C51E8927-4D82-4157-AA21-0D62900E214A}) (Version: 1.3.2 - Oracle)
MySQL Installer (HKLM-x32\...\{2D5C73E8-EA6C-4A0A-8B27-FF48B04977E5}) (Version: 1.3.7.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Utilities (HKLM-x32\...\{0B18AA75-6A44-4950-A0A2-A486C2D839A0}) (Version: 1.4.4 - Oracle Corporation)
MySQL Workbench 6.2 CE (HKLM-x32\...\{5997433F-76FA-4A1E-B8ED-22C7B0041D3F}) (Version: 6.2.3 - Oracle Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{98812f3d-e80b-4944-9fdf-8b8a145eeff0}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version:  - Eugen Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Samsung i-Launcher 1.0.1.22 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.22 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder Classic 4 (HKLM-x32\...\{C0FA6973-0ED6-4523-9593-BE50927A28BB}_is1) (Version:  - Stefan Meyer-Kahlen)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SPEEDLINK REFLECT (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.5 - SPEEDLINK)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version:  - )
TeamSpeak 3 Client (HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
USIM Editor 1.0.33.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version:  - )
Vektoris3D 2.0 (HKLM-x32\...\8458-4195-6614-3708) (Version: 2.0 - kapieren.de)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.12.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
WorldPainter 1.8.5 (HKLM\...\4144-4862-0472-7103) (Version: 1.8.5 - pepsoft.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2093199856-2832982660-2437927299-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-05-2015 15:58:25 AVG PC TuneUp 2015 wird entfernt
24-05-2015 15:59:01 AVG PC TuneUp 2015 (de-DE) wird entfernt
24-05-2015 19:00:04 Windows-Sicherung
24-05-2015 21:30:03 NVIDIA PhysX wird entfernt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-12 17:25 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0707A902-C399-4CB6-958C-799A14C44554} - System32\Tasks\{E3A60ACE-0A07-4C77-B11E-CC1A1BB47747} => pcalua.exe -a C:\Users\Nick\Downloads\forge-1.7.10-10.13.0.1188-installer-win.exe -d C:\Users\Nick\Downloads
Task: {10E20190-DF4E-4BDC-99DA-27871F02E8AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {31CB2F5C-67F6-4A86-8CAA-3AB99769FAD9} - System32\Tasks\{820356CB-EF83-4F54-9A2A-2DDA5775837A} => pcalua.exe -a C:\Users\Nick\Downloads\Range_RAT7_SD7_0_20_0_64Bit_Drivers.exe -d C:\Users\Nick\Downloads
Task: {36151F80-37E8-4DB1-A2E4-0D82979C2C45} - System32\Tasks\WBCYJ1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe
Task: {449AED61-1E93-44B1-A017-3B8C6E7A803D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {50976628-F218-45DE-B800-B1DE25BEBEF9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {6C15F5E7-C1AA-427C-999C-582F99D6DC85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {7220D149-5A6F-4CDF-9417-16715361B0CD} - System32\Tasks\{D832EF5B-B92E-4E00-A32B-17DE2F86F23C} => pcalua.exe -a D:\setup.exe -d C:\Users\Nick\Desktop
Task: {7A684ACA-7CA5-4A88-81AA-581308203975} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {80113F21-F93F-45EE-A746-2FB9B8EC1903} - System32\Tasks\{E83A90AD-AAC7-404A-ADAC-C19B9A6231AB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1604
Task: {8FEB3C11-7AEE-470E-8F3A-7AAE161238D5} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)
Task: {A6B293F1-52F0-4348-BC0B-C691D02FDD0C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CAA21C80-B320-4B3E-828F-59104CF4BEB6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CC1E9318-04E0-4A24-8701-1FAF8129ED2A} - System32\Tasks\{9438142E-686D-46F2-8775-D190EA9C36B5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/de/abandoninstall?page=tsBing
Task: {EED0DFB1-99E6-4354-B5F8-FF61126BCB58} - System32\Tasks\{5533A666-D628-493D-A04A-240DDF67D24F} => pcalua.exe -a C:\Users\Nick\Desktop\forge-1.7.10-10.13.0.1188-installer-win.exe -d C:\Users\Nick\Desktop
Task: {F491C524-E202-4A4F-A565-E5330A6D0534} - System32\Tasks\{41B5DFA3-6523-464B-9ED1-78671AAEAEA3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {F88DABE5-4C16-4B9D-B0E8-295651AEE9E8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WBCYJ1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-25 12:10 - 2011-03-31 05:37 - 00221184 ____N () C:\Windows\system\Cm106eye.exe
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-01-13 03:51 - 2014-01-13 03:51 - 00301912 _____ () C:\Windows\system32\wintab32.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-08-12 18:56 - 00102344 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-08-12 18:56 - 00108488 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-08-12 18:56 - 00563656 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-08-12 18:56 - 00579016 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2014-01-13 03:51 - 2014-01-13 03:51 - 00301912 _____ () C:\Windows\system32\WinTab32.DLL
2015-04-07 20:59 - 2015-05-08 02:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-21 14:18 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 16:50 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 16:50 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 16:50 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 18:37 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 15:06 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-28 13:47 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-05-28 19:04 - 2015-05-28 19:04 - 00155232 ___HT () C:\Users\Nick\AppData\Local\Temp\~787A.tmp
2014-01-29 16:38 - 2015-04-10 13:31 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-01-29 16:38 - 2015-04-10 13:31 - 00228352 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
2013-05-25 12:10 - 2011-03-31 05:37 - 00491520 ____N () C:\Windows\system\CmAu106.dll
2015-05-28 18:07 - 2015-05-28 18:07 - 00043008 _____ () c:\users\nick\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplzpehh.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-01-13 03:51 - 2014-01-13 03:51 - 00249688 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2014-01-13 03:51 - 2014-01-13 03:51 - 00241496 _____ () C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2013-08-07 11:31 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-05-25 19:31 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 19:31 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00198144 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00313344 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00203776 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00389120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 06672896 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00156160 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01174016 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01240064 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00351744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00607744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00164864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00708096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00134656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01336320 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00394752 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 03191808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 01762816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00143360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00230912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00996352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00582144 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2015-03-14 14:56 - 2015-05-28 18:08 - 12313600 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 09901568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00094208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00084992 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2015-03-14 14:56 - 2015-03-14 14:56 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2015-03-14 14:56 - 2015-03-14 14:56 - 00012800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2015-03-14 14:56 - 2015-03-14 14:56 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2015-03-14 14:56 - 2015-05-27 15:45 - 00173568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll
2015-03-14 14:56 - 2015-05-27 15:45 - 00972800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2015-05-14 20:07 - 2015-05-11 21:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F79F0EA6-A32E-4A61-BDCD-A16A9DFF6639}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{916A67E1-09DE-42E1-8258-1809F38627DC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F28FB2BE-AFAC-438F-9388-AEE13C3BA422}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F32809F4-F3C4-466A-B2D5-0E039D0818CC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{CD1DE4B3-816A-4371-A7CA-2C0746729EC5}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{A2A6AE1F-FB2D-4A6F-BBA8-E1E376E1EB84}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{A81A6D90-2F54-4A24-8817-EB33431B992C}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{A41CCB57-C4D1-4054-A246-09EFC03E8B99}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{AD5BE695-F7A1-4C76-9E23-8383838DF35D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{CD8DB64B-6D2F-4C29-82EB-98A448693004}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D13DC824-9D71-479E-A415-8D4B7F935FC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FB49D08E-C552-46C4-9F2D-668F65507C6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D92C554B-FD80-46E0-9EE8-DCF9D47BC446}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4FFF90EE-257F-471F-870A-51636EAEE3D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A611056E-8E84-4C1B-A53D-B9A2D92D56E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1B4878B1-6CBF-42A5-846F-4D6D67FAC7DC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9E22E815-EFC3-4C3A-B113-E766E08C74DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{274FE227-A928-4D4E-A267-8CB12C0EC47C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{86B33DC8-0B44-4AF0-9C6E-CEE45365D875}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8F69E32C-6198-4D22-90F3-59D978662AC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{99676149-4CDD-4DA3-AA75-B55E68355212}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B079EAC4-E3EE-42A8-843D-3A544A586B73}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{070BC919-6266-4BBE-8E1A-B23179C0A223}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{2E52F5BA-5AD7-4172-A5A5-87E3D7A15410}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{044CC7E5-DC38-4318-A712-4094F2B4E162}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0673E35D-019F-4976-B506-7C29A4BC8D4D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{6C87E4B4-CE7B-4972-A6A7-65C48E7A60AA}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{50978D7E-8B9C-4A62-A5C7-6C18D9678A45}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{123BD190-3B5E-416A-8BC5-097788297E8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{500C31E2-55A4-43FD-8010-6F31A8A5CC5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B597C0A-73D8-4636-81ED-BC1EB6EFD449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\R.U.S.E\Ruse.exe
FirewallRules: [{80A43A9A-4918-49CA-B50E-33E9B24AFB7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\R.U.S.E\Ruse.exe
FirewallRules: [{AC91E98D-769A-4B39-8CC9-88F7F3DD0684}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{C90FCF29-EF52-444C-B9D1-07467256A143}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{68977582-A0DF-4053-A623-2E906553AF0B}] => (Allow) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B245ED21-5F1D-4E78-9864-02C99076DA3C}] => (Allow) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F0AAF4AE-5B6B-4FEC-8B0A-AA0A65C2C571}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{D13BEB6A-ACA8-4363-916F-2E46BBC6CA9A}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{94472E04-6A62-41F4-83AF-6F07C45C1FD3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
FirewallRules: [{890B706B-268A-48A7-856E-71E3D4E8C08E}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
FirewallRules: [TCP Query User{C181E16E-6988-46F3-8C19-547189E081C1}C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{894499EB-0AEE-4634-88C8-36B4A2C16658}C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nick\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{67783C3B-820E-4AEC-9FBA-579DA69FF872}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{18F23C71-D4F1-4FE9-A37B-7F0D54D41B67}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{8D705BEA-4124-4051-99D1-A71EEBA0CD47}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{45F9DD2F-F6C9-44D8-9A26-4A1FA3C58695}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{E09FBBA1-9295-4BBD-8DBF-697263642655}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{9408CB65-7B8F-4AEA-B0C2-522E68919B28}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{B563C909-70DA-4EA0-99A7-CE1E1DE86E98}C:\xampp\mercurymail\mercury.exe] => (Block) C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{8F36DB3F-8C7B-43D4-A437-8290C4A28D98}C:\xampp\mercurymail\mercury.exe] => (Block) C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{2F521C93-5718-4A21-8EF7-7C9B6EEEDD01}C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe] => (Allow) C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe
FirewallRules: [UDP Query User{D12B2432-7748-4324-9E10-BFC241B7309F}C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe] => (Allow) C:\program files (x86)\blobby volley 2.0 version 0.9b\blobby.exe
FirewallRules: [TCP Query User{42A4E4D3-FF52-48B5-8C55-ACD06AE0C84A}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{DAB67FC6-91E7-4978-90C4-11522561980C}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{C7FBF75C-5A06-4297-A045-70BF3B832B6E}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{B00B6466-718B-4BFB-A8C5-4F0ED470F813}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [TCP Query User{3B7207AD-84EF-4BF9-A99B-67E225570E26}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe] => (Allow) C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe
FirewallRules: [UDP Query User{1FC8DBF7-F9BE-4116-AAF3-A1EA26C56CB7}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe] => (Allow) C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe
FirewallRules: [{3F1C80BF-8047-4236-BF7C-8F7CEB6E0972}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{EA050F3A-A660-458E-AE11-A9958FB16C0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{D9B6E16E-1323-4DF4-8E25-3B268DE1B148}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{1F76B087-AA65-44ED-9C93-224F6F64BA35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{A504F36F-12EB-48BE-AF18-31CDEB60B6EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{5B769A64-C565-4DBC-9A3E-D48941FE1A7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{2F081D27-EA74-42C1-A9FB-7186FBCFDB64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{F894234A-F7D6-4377-B604-29DF5B6708D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{67808984-5578-43C7-BEDF-DF5FE5544B21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{BD96D59D-9C31-422A-A4FC-A73711AE042E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{B6BCFA4F-53DB-4EF9-B73B-D3C7C53927CD}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe] => (Allow) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe
FirewallRules: [UDP Query User{73135790-16E8-427F-982A-E98451465922}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe] => (Allow) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe
FirewallRules: [{EE46349C-D4DE-4AC2-A271-ED1B790F5FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{83976C88-2D0B-40CE-B074-2964C82350B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{91902EC4-75E9-4420-8F26-A663CA2D8757}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF69AA4B-AED4-41FD-A25D-20B42A89279D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2419DA34-1889-498B-82E2-5293F15A8E00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{4CF99383-E55F-490F-A367-1B1161C5B74A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [TCP Query User{AF5B66FE-5715-4E82-B7D2-4D48A25015E8}E:\jdk\bin\javaw.exe] => (Allow) E:\jdk\bin\javaw.exe
FirewallRules: [UDP Query User{A7082791-8F80-4E10-91B9-1B184B2CA7D5}E:\jdk\bin\javaw.exe] => (Allow) E:\jdk\bin\javaw.exe
FirewallRules: [TCP Query User{8B3EEB25-9640-4127-9880-77F738972BCF}E:\jdk\jre\bin\java.exe] => (Allow) E:\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{263D4EE8-F50E-4739-9B7E-929F57B7C8D5}E:\jdk\jre\bin\java.exe] => (Allow) E:\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{0A57F85F-6FB8-42AA-AC0A-216CC438A966}E:\java\greenfoot\greenfoot.exe] => (Allow) E:\java\greenfoot\greenfoot.exe
FirewallRules: [UDP Query User{DB6E236D-AFDD-410C-A75A-137E4E104D55}E:\java\greenfoot\greenfoot.exe] => (Allow) E:\java\greenfoot\greenfoot.exe
FirewallRules: [TCP Query User{A06FDC56-E8AA-458E-9204-6563BDD2ACC6}E:\java\jdk\jre\bin\java.exe] => (Allow) E:\java\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{0702095A-2E5C-4B83-A71B-EA48296F3F15}E:\java\jdk\jre\bin\java.exe] => (Allow) E:\java\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{F70B2010-B6E0-43CE-A83F-8F7CFFDD795A}E:\java\jdk\bin\javaw.exe] => (Allow) E:\java\jdk\bin\javaw.exe
FirewallRules: [UDP Query User{239B915E-1627-4757-88D5-E5A475D688D0}E:\java\jdk\bin\javaw.exe] => (Allow) E:\java\jdk\bin\javaw.exe
FirewallRules: [{BB2E1048-2F84-47E9-94FF-24BDB26784A7}] => (Block) E:\java\jdk\bin\javaw.exe
FirewallRules: [{9EB6E139-3201-444E-9723-AD6BD78EBD9B}] => (Block) E:\java\jdk\bin\javaw.exe
FirewallRules: [{B96DC63C-623F-425F-AEAD-B8DDED97E42C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BackToBed\BackToBed.exe
FirewallRules: [{8159A1CF-E42A-4338-A952-3E3E78856555}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BackToBed\BackToBed.exe
FirewallRules: [{95B37C93-ABFB-486C-9853-8EDA724DC8A2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EBF266F6-DE3C-450F-AFF4-2964D2090F30}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{755637AB-1414-4245-8AF8-B3230EC9E5E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A9FCCE4A-DA0C-41AB-BA07-00C050E5B1BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8CAD626C-5FC1-47CB-BA34-A8251D99BD61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{28068F8E-C054-489B-BE4E-B8F3B4520480}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{547EA45C-C98D-4839-8928-3FF2C223FFA2}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{371465BD-F6E7-4CC6-9649-95FFD2F46371}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BAB116E7-728B-4061-A36E-DE4C925DC236}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe] => (Allow) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe
FirewallRules: [UDP Query User{A226B8C2-A5C2-4E8C-9879-B54D5EE8815B}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe] => (Allow) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\bin\javaw.exe
FirewallRules: [TCP Query User{F58F61AE-8BDE-4F9B-81FB-A41B61AA3975}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe] => (Block) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{29B4B71C-7422-4951-BC1A-0B47ABA657C9}C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe] => (Block) C:\users\nick\appdata\local\temp\rar$exa0.594\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{564AD28D-9FD5-4180-A1CC-9832BF89B077}G:\java\jdk\bin\javaw.exe] => (Allow) G:\java\jdk\bin\javaw.exe
FirewallRules: [UDP Query User{537CF76B-9CF7-4F1E-AF0E-70040F5AC8B8}G:\java\jdk\bin\javaw.exe] => (Allow) G:\java\jdk\bin\javaw.exe
FirewallRules: [TCP Query User{B084F9D8-43D8-4C03-8586-3C58A37B6623}G:\java\jdk\jre\bin\java.exe] => (Allow) G:\java\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{9AB77540-2DF6-44A6-8BEB-E568E8F1D37C}G:\java\jdk\jre\bin\java.exe] => (Allow) G:\java\jdk\jre\bin\java.exe
FirewallRules: [{1F46E3C9-655B-4437-B5C5-5959D8BB304F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{5F997266-7A45-4155-B3DA-C6D3F2C6E44F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [TCP Query User{C1058049-BDDD-4144-A5D6-2E7083610E85}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{2C17E90F-E31C-4D4E-806B-9739FFC8A727}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{52045D0C-F98C-44F8-B3F8-2F8AB1701889}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{904C16A1-F692-4D9F-BD49-30E8AD052ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F9B6C694-02DE-4749-8965-F9B7F743D3EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8C82D8D7-8FD6-49F7-95A8-1208DE0009F5}] => (Allow) LPort=2869
FirewallRules: [{A525B475-B218-40F4-A12C-180A43A3FA69}] => (Allow) LPort=1900
FirewallRules: [{942BD708-0E25-4274-BAB9-A647D7B7E4C7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{995EBE06-1357-4432-ADD6-C51A2E1DC13B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E5233996-87F7-47F1-90D6-1037EC0CD141}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4961A9FE-1210-49E8-BE94-C58D4D77AD81}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{DA4D4A7E-1A73-41DB-9652-34BDEBF5E01D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6E391988-7754-424E-9063-8AD20A248115}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{5544209A-F4C8-4A15-89B1-AC6AA2BC3BA1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{B6D0CFE9-C090-4547-A1D8-B946114C22A4}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{3C434A39-BFAD-4007-A808-B2881C89BAD8}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{3ABFEDE4-7780-4F97-8D06-4B15EBB94E67}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{746D9974-99E0-4943-9A91-812234FC2070}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1A9A64D8-D12A-4C7A-84EC-D6A61B1DD37E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{FB957155-3AD6-48C3-B62C-03848E5EE222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{4CB15694-4A64-42FC-BF85-4CC1F175D5C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: HID-konforme Maus
Description: HID-konforme Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HID-konforme Maus
Description: HID-konforme Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 06:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 09:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 08:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 07:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 43.0.2357.81 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1244

Startzeit: 01d098830dc35ad5

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 69e3795c-0499-11e5-b022-d43d7e93280b

Error: (05/27/2015 03:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 02:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 09:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 43.0.2357.65, Zeitstempel: 0x5552c066
Name des fehlerhaften Moduls: Etprop.ax, Version: 1.0.0.0, Zeitstempel: 0x4ce0c9ef
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000cf82
ID des fehlerhaften Prozesses: 0x14b8
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (05/25/2015 07:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 09:30:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm osu!.exe, Version 1.3.3.7 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2100

Startzeit: 01d09657169b74ee

Endzeit: 22

Anwendungspfad: C:\Users\Nick\AppData\Local\osu!\osu!.exe

Berichts-ID:


System errors:
=============
Error: (05/28/2015 05:58:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2015 09:09:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1070

Error: (05/27/2015 09:09:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1070

Error: (05/27/2015 09:09:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.

Error: (05/27/2015 09:07:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2015 08:58:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/27/2015 08:58:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (05/27/2015 08:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2015 03:41:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2015 02:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (05/28/2015 06:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 09:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 08:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 07:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.81124401d098830dc35ad54C:\Program Files (x86)\Google\Chrome\Application\chrome.exe69e3795c-0499-11e5-b022-d43d7e93280b

Error: (05/27/2015 03:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 02:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 09:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066Etprop.ax1.0.0.04ce0c9ef400000150000cf8214b801d0970c6c014148C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\Etprop.axc335d9de-0316-11e5-9be0-d43d7e93280b

Error: (05/25/2015 07:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 09:30:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: osu!.exe1.3.3.7210001d09657169b74ee22C:\Users\Nick\AppData\Local\osu!\osu!.exe


CodeIntegrity Errors:
===================================
  Date: 2015-05-20 16:49:58.710
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nick\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-20 16:49:58.680
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nick\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-20 16:49:58.574
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-20 16:49:58.540
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-23 19:36:44.351
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-23 19:36:44.312
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16317.41 MB
Available physical RAM: 12238.15 MB
Total Pagefile: 32633.04 MB
Available Pagefile: 26975.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Nicks 2TB Festplatte) (Fixed) (Total:1851.64 GB) (Free:1390.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5593A727)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1851.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

==================== End of log ============================
         
__________________

Alt 28.05.2015, 18:14   #4
OvSilver
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nick (administrator) on NICKS-PC on 28-05-2015 19:07:19
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySQLNotifier.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Windows\system\cm106eye.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Dropbox, Inc.) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Users\Nick\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [41304 2014-01-13] (Tablet Driver)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
AppInit_DLLs: C:\ProgramData\SecurityUtility\SecurityUtility64.dll => C:\ProgramData\SecurityUtility\SecurityUtility64.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2013-05-25]
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-23]
FF HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164736 2013-12-25] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408576 2010-11-10] (Etron)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 19:07 - 2015-05-28 19:07 - 00023521 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-28 19:03 - 2015-05-28 19:03 - 02108928 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2015-05-27 21:16 - 2015-05-27 21:16 - 00058648 _____ () C:\Users\Nick\Desktop\mbam2.txt
2015-05-26 21:40 - 2015-05-26 21:40 - 00017107 _____ () C:\Users\Nick\Desktop\Esport.odt
2015-05-24 21:29 - 2015-05-12 04:34 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-24 21:28 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-24 21:28 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-24 21:28 - 2015-05-12 08:27 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-24 16:41 - 2015-05-24 16:41 - 00008306 _____ () C:\Users\Nick\Desktop\BlitzGrandPrixEinzelrunden.ods
2015-05-24 15:57 - 2015-05-28 18:07 - 00000364 _____ () C:\Windows\Tasks\WBCYJ1.job
2015-05-24 15:57 - 2015-05-24 15:57 - 00002886 _____ () C:\Windows\System32\Tasks\WBCYJ1
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\AVG
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Local\Avg
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\ProgramData\AVG
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-05-24 15:55 - 2015-05-24 15:55 - 00054408 _____ () C:\Users\Nick\Downloads\3DMark-v1-5-893_CB-DL-Manager.exe
2015-05-20 17:07 - 2015-05-20 17:07 - 11298737 _____ () C:\Users\Nick\Downloads\M7808v1.0.zip
2015-05-20 17:07 - 2015-05-20 17:07 - 07318031 _____ () C:\Users\Nick\Downloads\7808v17.zip
2015-05-20 16:49 - 2015-05-20 16:49 - 04179293 _____ (Lavalys, Inc. ) C:\Users\Nick\Downloads\everesthome220.exe
2015-05-20 16:49 - 2015-05-20 16:49 - 00001126 _____ () C:\Users\Nick\Desktop\EVEREST Home Edition.lnk
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2015-05-16 20:50 - 2015-05-16 20:50 - 09900819 _____ () C:\Users\Nick\Downloads\150945 Knife Party - Centipede (1).osz
2015-05-15 13:23 - 2015-05-15 13:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-05-13 23:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:51 - 2015-05-13 22:51 - 00000222 _____ () C:\Users\Nick\Desktop\AdVenture Capitalist.url
2015-05-13 15:05 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:05 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:05 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:05 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:05 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:05 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:05 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:05 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:05 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:05 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:05 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:05 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:05 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:05 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:05 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:05 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:05 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:05 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:05 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:05 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:05 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:05 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:05 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:05 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:05 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:05 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:05 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:05 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:05 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:05 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:05 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:05 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:05 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:05 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:05 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:04 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:04 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:04 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:04 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:04 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:04 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:04 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:04 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:04 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:04 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:04 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:04 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:04 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:04 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:04 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:04 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:04 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:04 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 15:04 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 15:04 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:04 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:03 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:03 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:03 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:03 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:03 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:03 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:03 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 15:03 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 15:03 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 15:03 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:03 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 15:03 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 15:03 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 15:03 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 15:03 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:03 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 15:03 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:03 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:07 - 2015-05-12 21:07 - 02860245 _____ () C:\Users\Nick\Downloads\175036 Maffalda - pensamento tipico de esquerda caviar.osz
2015-05-11 17:21 - 2015-05-11 17:21 - 03986414 _____ () C:\Users\Nick\Downloads\24340 Cascada - Dangerous (Nightcore Mix).osz
2015-05-08 14:51 - 2015-05-08 14:51 - 05405578 _____ () C:\Users\Nick\Downloads\33119 F-777 - He's a Pirate (1).osz
2015-05-06 18:49 - 2015-05-06 18:49 - 13087456 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\Silverlight_x64.exe
2015-04-30 19:32 - 2015-04-30 19:32 - 00001219 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-30 19:32 - 2015-04-30 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-30 18:33 - 2015-04-30 19:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-29 19:23 - 2015-04-29 19:24 - 19809716 _____ () C:\Users\Nick\Downloads\80104 Jin - Yobanashi Deceive.osz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 19:07 - 2015-03-12 15:08 - 00000000 ____D () C:\FRST
2015-05-28 19:07 - 2013-05-29 16:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2015-05-28 19:06 - 2013-05-25 11:07 - 01242858 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 19:04 - 2013-09-09 15:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-28 19:03 - 2015-03-12 15:08 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-05-28 19:02 - 2013-06-14 20:40 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\TS3Client
2015-05-28 19:01 - 2015-03-01 16:40 - 00000000 ____D () C:\Users\Nick\Desktop\Blitz GrandPrix
2015-05-28 19:01 - 2014-07-25 16:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 19:01 - 2014-04-18 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 19:01 - 2013-05-26 12:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 19:00 - 2013-05-26 12:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 18:07 - 2013-12-22 16:48 - 00000000 ____D () C:\ProgramData\Origin
2015-05-28 18:07 - 2013-10-04 21:53 - 00000000 ___RD () C:\Users\Nick\Dropbox
2015-05-28 18:07 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox
2015-05-28 18:07 - 2013-06-12 16:43 - 00000000 ____D () C:\Users\Nick\AppData\Local\LogMeIn Hamachi
2015-05-28 18:07 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 18:07 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 17:58 - 2014-12-11 18:43 - 00038566 _____ () C:\Windows\setupact.log
2015-05-28 17:58 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-28 17:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 21:23 - 2015-03-19 22:12 - 00000000 ____D () C:\Users\Nick\AppData\Local\osu!
2015-05-27 21:07 - 2015-01-03 13:25 - 00179892 _____ () C:\Windows\PFRO.log
2015-05-27 20:20 - 2014-07-25 16:39 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-25 22:58 - 2014-11-14 15:48 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.minecraft
2015-05-25 21:59 - 2015-04-05 17:21 - 00000000 ____D () C:\Users\Nick\AppData\Local\Battle.net
2015-05-25 21:48 - 2013-05-25 18:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2015-05-25 19:31 - 2013-05-26 12:51 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 21:41 - 2014-03-05 19:57 - 00000000 ____D () C:\Users\Nick\Desktop\Chat Test
2015-05-24 21:37 - 2014-07-04 20:36 - 93089657 _____ () C:\Users\Nick\Desktop\Mod-Pack.zip
2015-05-24 21:30 - 2014-11-04 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-24 21:30 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-24 21:29 - 2013-05-22 11:52 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-24 20:41 - 2014-11-04 21:18 - 00001401 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-24 12:57 - 2013-12-22 18:20 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\FIFA 13
2015-05-23 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-23 14:41 - 2013-08-05 14:28 - 00000948 _____ () C:\Users\Nick\Desktop\lol.txt
2015-05-22 14:57 - 2013-12-31 15:29 - 04697768 _____ () C:\Users\Nick\Desktop\TechnicLauncher.exe
2015-05-22 14:57 - 2013-08-27 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.technic
2015-05-21 21:00 - 2015-04-05 17:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-20 17:46 - 2015-03-22 17:40 - 37648082 _____ () C:\Users\Nick\Desktop\pi_data.txt
2015-05-20 17:35 - 2015-04-05 17:52 - 00000490 _____ () C:\Users\Nick\Desktop\cpuz.ini
2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-17 18:23 - 2013-05-26 12:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 18:23 - 2013-05-26 12:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:57 - 2014-12-18 19:19 - 00000000 ____D () C:\Users\Nick\Desktop\Partien
2015-05-16 15:19 - 2011-04-12 09:43 - 00700012 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 15:19 - 2011-04-12 09:43 - 00149604 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 15:19 - 2009-07-14 07:13 - 01622382 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 16:36 - 2014-03-15 17:05 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\TmForever
2015-05-14 21:59 - 2015-04-05 20:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 20:04 - 2009-07-14 06:45 - 00314448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 20:01 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 23:45 - 2013-05-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-13 23:45 - 2013-04-23 10:14 - 01649064 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-13 23:44 - 2013-08-14 16:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:39 - 2013-08-10 12:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 23:37 - 2013-08-13 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:51 - 2014-06-20 23:35 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-13 19:22 - 2014-07-09 18:07 - 00007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
2015-05-13 16:09 - 2015-04-05 17:24 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-05-13 08:52 - 2014-08-19 22:14 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-12 20:55 - 2013-05-25 11:51 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Audacity
2015-05-12 20:49 - 2014-12-05 13:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 16:58 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-12 08:27 - 2014-09-27 21:59 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-12 08:27 - 2014-09-27 21:59 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-12 08:27 - 2014-08-19 22:13 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-12 05:30 - 2013-05-22 11:52 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-12 05:30 - 2013-05-22 11:52 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-11 19:01 - 2013-05-22 11:52 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-11 17:23 - 2015-01-08 22:07 - 00002062 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-11 17:23 - 2015-01-08 22:07 - 00002060 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-11 17:23 - 2015-01-08 22:07 - 00002050 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-11 17:23 - 2015-01-08 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-11 17:12 - 2013-05-29 16:31 - 00000000 ____D () C:\ProgramData\Skype
2015-05-08 02:35 - 2014-11-04 21:18 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-08 02:35 - 2014-11-04 21:18 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-08 02:34 - 2014-11-04 21:18 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-08 02:34 - 2014-11-04 21:18 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-07 22:01 - 2014-05-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-07 22:00 - 2014-05-14 18:02 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 22:00 - 2014-05-14 18:02 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-07-04 21:16 - 2014-07-04 21:16 - 0046080 ___SH () C:\Users\Nick\AppData\Roaming\Thumbs.db
2015-04-23 19:23 - 2015-04-23 19:23 - 0000218 _____ () C:\Users\Nick\AppData\Local\recently-used.xbel
2014-07-09 18:07 - 2015-05-13 19:22 - 0007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
2013-06-23 11:34 - 2013-10-25 19:21 - 0001700 _____ () C:\ProgramData\hpzinstall.log
2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LmeUSB.log
2013-12-25 19:50 - 2014-06-09 17:52 - 0002688 _____ () C:\ProgramData\LmeZJSW.log
2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LSDmbTH.log

Some files in TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\avgnt.exe
C:\Users\Nick\AppData\Local\Temp\cpuz165.exe
C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplzpehh.dll
C:\Users\Nick\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Nick\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Nick\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Nick\AppData\Local\Temp\nvStInst.exe
C:\Users\Nick\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\Nick\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Nick\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Nick\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 16:21

==================== End of log ============================
         

Alt 28.05.2015, 18:26   #5
Warlord711
/// TB-Ausbilder
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Ok, so gehts weiter:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
emptytemp:
reboot:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 29.05.2015, 13:55   #6
OvSilver
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Sooo...

ADW Cleaner:
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 29/05/2015 um 13:44:07
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nick - NICKS-PC
# Gestarted von : C:\Users\Nick\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Nick\Desktop\ftb.exe
Datei Gelöscht : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lfsm.de_0.localstorage
Datei Gelöscht : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lfsm.de_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [3939 Bytes] - [12/03/2015 16:47:10]
AdwCleaner[R1].txt - [1731 Bytes] - [29/05/2015 13:42:48]
AdwCleaner[S0].txt - [3954 Bytes] - [12/03/2015 16:48:42]
AdwCleaner[S1].txt - [1651 Bytes] - [29/05/2015 13:44:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1710  Bytes] ##########
         







JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nick on 29.05.2015 at 14:10:59,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8



~~~ Chrome


[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Nick\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2015 at 14:13:09,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         





Fixlog

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nick at 2015-05-29 14:16:24 Run:2
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
reboot:
         
*****************

EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:16:48 ====
         




checkup
Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         




FRST

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nick (administrator) on NICKS-PC on 29-05-2015 14:50:33
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
() C:\Windows\system\cm106eye.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySQLNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Dropbox, Inc.) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Nick\Desktop\SecurityCheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [41304 2014-01-13] (Tablet Driver)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.6\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
AppInit_DLLs: C:\ProgramData\SecurityUtility\SecurityUtility64.dll => C:\ProgramData\SecurityUtility\SecurityUtility64.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2013-05-25]
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-23]
FF HKU\S-1-5-21-2093199856-2832982660-2437927299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164736 2013-12-25] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408576 2010-11-10] (Etron)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 14:50 - 2015-05-29 14:51 - 00023366 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-29 14:49 - 2015-05-29 14:49 - 00001069 _____ () C:\Users\Nick\Desktop\sc.txt
2015-05-29 14:21 - 2015-05-29 14:20 - 00852639 _____ () C:\Users\Nick\Desktop\SecurityCheck.exe
2015-05-29 14:20 - 2015-05-29 14:20 - 00852639 _____ () C:\Users\Nick\Downloads\SecurityCheck.exe
2015-05-29 14:13 - 2015-05-29 14:13 - 00001298 _____ () C:\Users\Nick\Desktop\JRT.txt
2015-05-29 14:11 - 2015-05-29 14:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NICKS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-29 14:11 - 2015-05-29 14:11 - 00000000 ____D () C:\RegBackup
2015-05-29 14:10 - 2015-05-29 14:09 - 02948651 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2015-05-29 14:09 - 2015-05-29 14:09 - 02948651 _____ (Thisisu) C:\Users\Nick\Downloads\JRT.exe
2015-05-29 14:09 - 2015-05-29 14:09 - 00001790 _____ () C:\Users\Nick\Desktop\adw2.txt
2015-05-29 13:42 - 2015-05-29 13:41 - 02222592 _____ () C:\Users\Nick\Desktop\AdwCleaner_4.205.exe
2015-05-29 13:41 - 2015-05-29 13:41 - 02222592 _____ () C:\Users\Nick\Downloads\AdwCleaner_4.205.exe
2015-05-28 19:03 - 2015-05-28 19:03 - 02108928 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2015-05-27 21:16 - 2015-05-27 21:16 - 00058648 _____ () C:\Users\Nick\Desktop\mbam2.txt
2015-05-26 21:40 - 2015-05-26 21:40 - 00017107 _____ () C:\Users\Nick\Desktop\Esport.odt
2015-05-24 21:29 - 2015-05-12 04:34 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-24 21:28 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-24 21:28 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-24 21:28 - 2015-05-12 08:27 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-24 21:28 - 2015-05-12 08:27 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-24 16:41 - 2015-05-24 16:41 - 00008306 _____ () C:\Users\Nick\Desktop\BlitzGrandPrixEinzelrunden.ods
2015-05-24 15:57 - 2015-05-29 14:17 - 00000364 _____ () C:\Windows\Tasks\WBCYJ1.job
2015-05-24 15:57 - 2015-05-24 15:57 - 00002886 _____ () C:\Windows\System32\Tasks\WBCYJ1
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\AVG
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\Users\Nick\AppData\Local\Avg
2015-05-24 15:57 - 2015-05-24 15:57 - 00000000 ____D () C:\ProgramData\AVG
2015-05-24 15:55 - 2015-05-24 15:55 - 00054408 _____ () C:\Users\Nick\Downloads\3DMark-v1-5-893_CB-DL-Manager.exe
2015-05-20 17:07 - 2015-05-20 17:07 - 11298737 _____ () C:\Users\Nick\Downloads\M7808v1.0.zip
2015-05-20 17:07 - 2015-05-20 17:07 - 07318031 _____ () C:\Users\Nick\Downloads\7808v17.zip
2015-05-20 16:49 - 2015-05-20 16:49 - 04179293 _____ (Lavalys, Inc. ) C:\Users\Nick\Downloads\everesthome220.exe
2015-05-20 16:49 - 2015-05-20 16:49 - 00001126 _____ () C:\Users\Nick\Desktop\EVEREST Home Edition.lnk
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-05-20 16:49 - 2015-05-20 16:49 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2015-05-16 20:50 - 2015-05-16 20:50 - 09900819 _____ () C:\Users\Nick\Downloads\150945 Knife Party - Centipede (1).osz
2015-05-15 13:23 - 2015-05-15 13:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-05-13 23:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:51 - 2015-05-13 22:51 - 00000222 _____ () C:\Users\Nick\Desktop\AdVenture Capitalist.url
2015-05-13 15:05 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:05 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:05 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:05 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:05 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:05 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:05 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:05 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:05 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:05 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:05 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:05 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:05 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:05 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:05 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:05 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:05 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:05 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:05 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:05 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:05 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:05 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:05 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:05 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:05 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:05 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:05 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:05 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:05 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:05 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:05 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:05 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:05 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:05 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:05 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:05 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:05 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:04 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:04 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:04 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:04 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:04 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:04 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:04 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:04 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:04 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:04 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:04 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:04 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:04 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:04 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:04 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:04 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:04 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:04 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:04 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:04 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:04 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:04 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:04 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 15:04 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 15:04 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:04 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:04 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:03 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:03 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:03 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:03 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:03 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:03 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:03 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 15:03 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 15:03 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 15:03 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:03 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 15:03 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 15:03 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 15:03 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 15:03 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:03 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 15:03 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:03 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:07 - 2015-05-12 21:07 - 02860245 _____ () C:\Users\Nick\Downloads\175036 Maffalda - pensamento tipico de esquerda caviar.osz
2015-05-11 17:21 - 2015-05-11 17:21 - 03986414 _____ () C:\Users\Nick\Downloads\24340 Cascada - Dangerous (Nightcore Mix).osz
2015-05-08 14:51 - 2015-05-08 14:51 - 05405578 _____ () C:\Users\Nick\Downloads\33119 F-777 - He's a Pirate (1).osz
2015-05-06 18:49 - 2015-05-06 18:49 - 13087456 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\Silverlight_x64.exe
2015-04-30 19:32 - 2015-04-30 19:32 - 00001219 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-30 19:32 - 2015-04-30 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-30 18:33 - 2015-04-30 19:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-29 19:23 - 2015-04-29 19:24 - 19809716 _____ () C:\Users\Nick\Downloads\80104 Jin - Yobanashi Deceive.osz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 14:50 - 2015-03-12 15:08 - 00000000 ____D () C:\FRST
2015-05-29 14:48 - 2014-04-18 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 14:40 - 2014-07-25 16:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 14:28 - 2013-05-26 12:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 14:26 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 14:26 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 14:22 - 2013-05-25 11:07 - 01273448 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 14:19 - 2013-10-04 21:53 - 00000000 ___RD () C:\Users\Nick\Dropbox
2015-05-29 14:19 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox
2015-05-29 14:19 - 2013-05-29 16:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2015-05-29 14:18 - 2013-12-22 16:48 - 00000000 ____D () C:\ProgramData\Origin
2015-05-29 14:18 - 2013-09-09 15:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-29 14:18 - 2013-06-12 16:43 - 00000000 ____D () C:\Users\Nick\AppData\Local\LogMeIn Hamachi
2015-05-29 14:17 - 2015-01-03 13:25 - 00180582 _____ () C:\Windows\PFRO.log
2015-05-29 14:17 - 2014-12-11 18:43 - 00039070 _____ () C:\Windows\setupact.log
2015-05-29 14:17 - 2013-05-26 12:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 14:17 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-29 14:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 13:44 - 2015-03-12 16:47 - 00000000 ____D () C:\AdwCleaner
2015-05-28 21:39 - 2013-06-14 20:40 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\TS3Client
2015-05-28 21:32 - 2015-04-05 17:21 - 00000000 ____D () C:\Users\Nick\AppData\Local\Battle.net
2015-05-28 19:03 - 2015-03-12 15:08 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-05-28 19:01 - 2015-03-01 16:40 - 00000000 ____D () C:\Users\Nick\Desktop\Blitz GrandPrix
2015-05-27 21:23 - 2015-03-19 22:12 - 00000000 ____D () C:\Users\Nick\AppData\Local\osu!
2015-05-27 20:20 - 2014-07-25 16:39 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-27 20:20 - 2014-07-25 16:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-25 22:58 - 2014-11-14 15:48 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.minecraft
2015-05-25 21:48 - 2013-05-25 18:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2015-05-25 19:31 - 2013-05-26 12:51 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 21:41 - 2014-03-05 19:57 - 00000000 ____D () C:\Users\Nick\Desktop\Chat Test
2015-05-24 21:37 - 2014-07-04 20:36 - 93089657 _____ () C:\Users\Nick\Desktop\Mod-Pack.zip
2015-05-24 21:30 - 2014-11-04 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-24 21:30 - 2013-05-22 11:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-24 21:29 - 2013-05-22 11:52 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-24 20:41 - 2014-11-04 21:18 - 00001401 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-24 12:57 - 2013-12-22 18:20 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\FIFA 13
2015-05-23 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-23 14:41 - 2013-08-05 14:28 - 00000948 _____ () C:\Users\Nick\Desktop\lol.txt
2015-05-22 14:57 - 2013-12-31 15:29 - 04697768 _____ () C:\Users\Nick\Desktop\TechnicLauncher.exe
2015-05-22 14:57 - 2013-08-27 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.technic
2015-05-21 21:00 - 2015-04-05 17:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-20 17:46 - 2015-03-22 17:40 - 37648082 _____ () C:\Users\Nick\Desktop\pi_data.txt
2015-05-20 17:35 - 2015-04-05 17:52 - 00000490 _____ () C:\Users\Nick\Desktop\cpuz.ini
2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:11 - 2015-04-05 23:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-17 18:23 - 2013-05-26 12:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 18:23 - 2013-05-26 12:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:57 - 2014-12-18 19:19 - 00000000 ____D () C:\Users\Nick\Desktop\Partien
2015-05-16 15:19 - 2011-04-12 09:43 - 00700012 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 15:19 - 2011-04-12 09:43 - 00149604 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 15:19 - 2009-07-14 07:13 - 01622382 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 16:36 - 2014-03-15 17:05 - 00000000 ____D () C:\Users\Nick\Desktop\Documents\TmForever
2015-05-14 21:59 - 2015-04-05 20:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 20:04 - 2009-07-14 06:45 - 00314448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 20:01 - 2013-08-13 15:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 20:01 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 23:45 - 2013-05-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-13 23:45 - 2013-04-23 10:14 - 01649064 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-13 23:44 - 2013-08-14 16:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:39 - 2013-08-10 12:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 23:37 - 2013-08-13 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:51 - 2014-06-20 23:35 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-13 19:22 - 2014-07-09 18:07 - 00007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
2015-05-13 16:09 - 2015-04-05 17:24 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-05-13 08:52 - 2014-08-19 22:14 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-12 20:55 - 2013-05-25 11:51 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Audacity
2015-05-12 20:49 - 2014-12-05 13:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 16:58 - 2013-10-04 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-12 08:27 - 2014-09-27 21:59 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-12 08:27 - 2014-09-27 21:59 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-12 08:27 - 2014-08-19 22:13 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-12 08:27 - 2013-04-18 08:36 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-12 05:30 - 2013-05-22 11:52 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-12 05:30 - 2013-05-22 11:52 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-12 05:30 - 2013-05-22 11:52 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-11 19:01 - 2013-05-22 11:52 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-11 17:23 - 2015-01-08 22:07 - 00002062 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-11 17:23 - 2015-01-08 22:07 - 00002060 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-11 17:23 - 2015-01-08 22:07 - 00002050 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-11 17:23 - 2015-01-08 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-11 17:12 - 2013-05-29 16:31 - 00000000 ____D () C:\ProgramData\Skype
2015-05-08 02:35 - 2014-11-04 21:18 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-08 02:35 - 2014-11-04 21:18 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-08 02:34 - 2014-11-04 21:18 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-08 02:34 - 2014-11-04 21:18 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-07 22:01 - 2014-05-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-07 22:00 - 2014-05-14 18:02 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 22:00 - 2014-05-14 18:02 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-07-04 21:16 - 2014-07-04 21:16 - 0046080 ___SH () C:\Users\Nick\AppData\Roaming\Thumbs.db
2015-04-23 19:23 - 2015-04-23 19:23 - 0000218 _____ () C:\Users\Nick\AppData\Local\recently-used.xbel
2014-07-09 18:07 - 2015-05-13 19:22 - 0007603 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
2013-06-23 11:34 - 2013-10-25 19:21 - 0001700 _____ () C:\ProgramData\hpzinstall.log
2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LmeUSB.log
2013-12-25 19:50 - 2014-06-09 17:52 - 0002688 _____ () C:\ProgramData\LmeZJSW.log
2013-12-25 19:50 - 2014-06-09 17:52 - 0002739 _____ () C:\ProgramData\LSDmbTH.log

Some files in TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\avgnt.exe
C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfeurb_.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 16:21

==================== End of log ============================
         

Alt 31.05.2015, 12:54   #7
Warlord711
/// TB-Ausbilder
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Ok, dann noch ESET Scan, der dauert länger:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 31.05.2015, 17:28   #8
OvSilver
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



log.txt:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c32259f05fd5df4cbb9aba7b430bee56
# engine=24107
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-31 03:57:10
# local_time=2015-05-31 05:57:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 33004790 184717680 0 0
# scanned=414782
# found=0
# cleaned=0
# scan_time=9732
         

Alt 31.05.2015, 19:04   #9
Warlord711
/// TB-Ausbilder
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Die Logs sind jetzt sauber.

Adobe Flash Player 10 ActiveX noch deinstallieren.

Gabs weiterhin diese Chrome Abstürze + Aero Design Meldung ?

Ansonsten:

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
  • verwende für jede Anwendung und jeden Account ein anderes Passwort
  • ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
  • speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
  • ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
  • benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
  • verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demand Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen oder Lob, Kritik und Wünsche loswerden?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 31.05.2015, 19:45   #10
OvSilver
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Ja es gab gestern abend noch eine Design Meldung... soll ich die Schritte trotzdem ausführen?

Alt 01.06.2015, 11:29   #11
Warlord711
/// TB-Ausbilder
 
MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Standard

MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft



Ich würd dir raten, den Google Chrome komplett zu deinstallieren und neu zu installieren und dann weiter zu beobachten, ob das Verhalten erneut auftritt.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Antwort

Themen zu MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft
aero design, blacklist, bootstrap.js, fehlercode 0x40000015, fehlercode 22, fehlercode 31, fehlercode windows, homepage, malwarebytes, microsoft, neustart, newtab, programm, pup.optional.ask.a, pup.optional.securityutility.a, software, super, this device is disabled. (code 22), trojan.agent




Ähnliche Themen: MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft


  1. Trojaner bei Firefox und Chrome/ mbam lässt sich nicht mehr starten
    Plagegeister aller Art und deren Bekämpfung - 17.09.2014 (15)
  2. Windows 7, 64bit: Computer stürzt permanent ab, MBAM funktioniert nicht
    Log-Analyse und Auswertung - 12.09.2014 (33)
  3. Laptop langsam, mbam zeigt Funde-log bleibt leer?
    Log-Analyse und Auswertung - 08.09.2014 (14)
  4. MBAM zeigt Treffer an und stürzt ab beim Entfernen!
    Log-Analyse und Auswertung - 05.08.2014 (10)
  5. Bildschirmauflösung ändert sich von allein
    Plagegeister aller Art und deren Bekämpfung - 13.07.2014 (7)
  6. MBAM zeigt bereits 39 infizierte Objekte
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (27)
  7. Windows 7: Scan mit MBAM zeigt Systembefall mit mysearchdial an
    Log-Analyse und Auswertung - 05.05.2014 (9)
  8. XP: Mbam zeigt mehr als 11k Probleme!
    Log-Analyse und Auswertung - 25.12.2013 (11)
  9. GVU-Trojaner v2.04 - MBAM zeigt keinen Befund
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  10. Speicherplatz ändert sich andauernt
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (1)
  11. Pc stürzt bei Downloads ab + SMART zeigt Fehler an
    Plagegeister aller Art und deren Bekämpfung - 28.11.2010 (4)
  12. WINXP SP2 Desktop Design verändert sich von selber
    Plagegeister aller Art und deren Bekämpfung - 27.03.2010 (0)
  13. Neues Design für McAffe, könnte es sich um einen VIrus Handeln?
    Antiviren-, Firewall- und andere Schutzprogramme - 18.03.2010 (2)
  14. DNS adresse ändert sich automatisch
    Log-Analyse und Auswertung - 05.01.2009 (2)
  15. Startseite ändert sich immer :-(
    Log-Analyse und Auswertung - 06.05.2005 (0)
  16. escan zeigt Troianer inSystem Volume
    Plagegeister aller Art und deren Bekämpfung - 02.11.2004 (7)
  17. Startseite ändert sich
    Log-Analyse und Auswertung - 22.06.2004 (6)

Zum Thema MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft - Hallo, als ich vor wenigen Minuten mit MBAM einen Bedrohungssuchlauf durchgeführt habe hat das Programm die Datei pi.exe als Troianer angegeben. Außerdem ist mir in letzter Zeit aufgefallen, dass Chrome - MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft...
Archiv
Du betrachtest: MBAM zeigt Troianer an (pi.exe), Chrome stürzt oft ab und das Windws Design ändert sich oft auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.